{"id":"MAL-2026-3394","summary":"Malicious code in @gaia-codesearch/gaia-api-typescript (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (59cc0f371f067ea9c6f0bbe7076f9f33181d8e1ae55c43ff05ae2b854de41549)\nThe package @gaia-codesearch/gaia-api-typescript was found to contain malicious code.\n\n## Source: ossf-package-analysis (f96009564f8e7e51171ad83f7ac75822ab1b1492ab73b06b4596a0686418299f)\nThe OpenSSF Package Analysis project identified '@gaia-codesearch/gaia-api-typescript' @ 0.0.5 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n","modified":"2026-05-12T07:52:47.587866Z","published":"2026-05-08T10:05:46Z","database_specific":{"malicious-packages-origins":[{"source":"ossf-package-analysis","versions":["0.0.5"],"modified_time":"2026-05-08T10:05:46Z","import_time":"2026-05-08T10:37:11.481159853Z","sha256":"f96009564f8e7e51171ad83f7ac75822ab1b1492ab73b06b4596a0686418299f"},{"source":"ossf-package-analysis","versions":["0.0.8"],"modified_time":"2026-05-09T17:47:38Z","import_time":"2026-05-09T17:48:50.105108314Z","sha256":"f309c3fdb4c9fc660b3b6a1d37848723ccd3b7e2164716a820534ecadc7ee924"},{"source":"amazon-inspector","versions":["0.0.5","0.0.8"],"modified_time":"2026-05-12T06:53:21Z","import_time":"2026-05-12T07:28:52.649298874Z","sha256":"59cc0f371f067ea9c6f0bbe7076f9f33181d8e1ae55c43ff05ae2b854de41549"}]},"affected":[{"package":{"name":"@gaia-codesearch/gaia-api-typescript","ecosystem":"npm","purl":"pkg:npm/%40gaia-codesearch/gaia-api-typescript"},"versions":["0.0.5","0.0.8"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@gaia-codesearch/gaia-api-typescript/MAL-2026-3394.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}