{"id":"MAL-2026-3249","summary":"Malicious code in internal-company-module-test-1337 (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (ffa107cadda6301a772af8727ebafd976365c28371cddd211c176a57b12715d9)\nThe package internal-company-module-test-1337 was found to contain malicious code.\n\n## Source: ossf-package-analysis (07c2475e90b699654b9aa4a19c5ca0592001681d7a28996dc02ff7c31faf7343)\nThe OpenSSF Package Analysis project identified 'internal-company-module-test-1337' @ 99.99.9994 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n","modified":"2026-05-12T07:57:11.773040Z","published":"2026-05-03T15:33:36Z","database_specific":{"malicious-packages-origins":[{"import_time":"2026-05-03T15:48:41.008844096Z","source":"ossf-package-analysis","sha256":"07c2475e90b699654b9aa4a19c5ca0592001681d7a28996dc02ff7c31faf7343","versions":["99.99.9994"],"modified_time":"2026-05-03T15:33:36Z"},{"import_time":"2026-05-03T15:48:41.128067276Z","source":"ossf-package-analysis","sha256":"e6c3688b939c7d34bd5baa1f6f6d982f8c42613281c8025a80b3fa5d42e55ee6","versions":["99.99.9995"],"modified_time":"2026-05-03T15:39:54Z"},{"import_time":"2026-05-03T16:19:56.02672771Z","source":"ossf-package-analysis","sha256":"a239618b3ac37b6b893174de0e258eb36b3a0a104ed97bb29e78d41ee29d1055","versions":["99.99.9996"],"modified_time":"2026-05-03T16:02:18Z"},{"import_time":"2026-05-03T16:19:55.97665773Z","source":"ossf-package-analysis","sha256":"daa07f251ccced0e7fc3db2fd9c5ad42a02551f7797b3a0f8745dd000c1783f3","versions":["99.99.9992"],"modified_time":"2026-05-03T15:49:42Z"},{"import_time":"2026-05-12T07:28:48.271889563Z","source":"amazon-inspector","sha256":"ffa107cadda6301a772af8727ebafd976365c28371cddd211c176a57b12715d9","versions":["99.99.9994","99.99.9995","99.99.9996","99.99.9992"],"modified_time":"2026-05-12T06:53:21Z"}]},"affected":[{"package":{"name":"internal-company-module-test-1337","ecosystem":"npm","purl":"pkg:npm/internal-company-module-test-1337"},"versions":["99.99.9994","99.99.9995","99.99.9996","99.99.9992"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/internal-company-module-test-1337/MAL-2026-3249.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}