{"id":"MAL-2026-3374","summary":"Malicious code in playgod (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (f0aee4818420709f0d12c4a32c97671628fffdb1255fefd1895b2c3f880f8b2b)\nThe package playgod was found to contain malicious code.\n\n## Source: ossf-package-analysis (a700663ab039dd35fa24734d883219fff845bb0c6017a5e0dcb0191dfa4676b0)\nThe OpenSSF Package Analysis project identified 'playgod' @ 1.1.2 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n","modified":"2026-05-12T07:57:39.239551Z","published":"2026-05-08T05:16:26Z","database_specific":{"malicious-packages-origins":[{"sha256":"a700663ab039dd35fa24734d883219fff845bb0c6017a5e0dcb0191dfa4676b0","source":"ossf-package-analysis","modified_time":"2026-05-08T05:16:26Z","import_time":"2026-05-08T05:44:45.239117307Z","versions":["1.1.2"]},{"sha256":"f0aee4818420709f0d12c4a32c97671628fffdb1255fefd1895b2c3f880f8b2b","source":"amazon-inspector","modified_time":"2026-05-12T06:53:21Z","import_time":"2026-05-12T07:28:49.89249239Z","versions":["1.1.2"]}]},"affected":[{"package":{"name":"playgod","ecosystem":"npm","purl":"pkg:npm/playgod"},"versions":["1.1.2"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/playgod/MAL-2026-3374.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}