{"id":"MAL-2026-3410","summary":"Malicious code in @miurba/alcazaba (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (36c814274998998c89db63740c3d1032c8da3d6f6f9e44e100328c83e4ea29a0)\nThe package @miurba/alcazaba was found to contain malicious code.\n\n## Source: ossf-package-analysis (50365d8256527fa5afa757d8d15674e861bec80afcd6517d018e329f3e4fa93f)\nThe OpenSSF Package Analysis project identified '@miurba/alcazaba' @ 99.99.99 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n","modified":"2026-05-12T07:53:22.653261Z","published":"2026-05-10T03:36:33Z","database_specific":{"malicious-packages-origins":[{"sha256":"50365d8256527fa5afa757d8d15674e861bec80afcd6517d018e329f3e4fa93f","import_time":"2026-05-10T04:47:36.869741927Z","versions":["99.99.99"],"source":"ossf-package-analysis","modified_time":"2026-05-10T03:36:33Z"},{"sha256":"36c814274998998c89db63740c3d1032c8da3d6f6f9e44e100328c83e4ea29a0","import_time":"2026-05-12T07:28:51.916662591Z","versions":["99.99.99"],"source":"amazon-inspector","modified_time":"2026-05-12T06:53:21Z"}]},"affected":[{"package":{"name":"@miurba/alcazaba","ecosystem":"npm","purl":"pkg:npm/%40miurba/alcazaba"},"versions":["99.99.99"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@miurba/alcazaba/MAL-2026-3410.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}