{"id":"MAL-2026-3421","summary":"Malicious code in oneblk-design-system (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (f46bbc3e155a30851463f65a3f9d5af33ebd5172df5ad70f7b022a77448fc6eb)\nThe package oneblk-design-system was found to contain malicious code.\n\n## Source: ossf-package-analysis (0edb2241655649c1939ad8633be7ac2c8459093640c8948a579b63f581dbadac)\nThe OpenSSF Package Analysis project identified 'oneblk-design-system' @ 99.99.99 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package executes one or more commands associated with malicious behavior.\n","modified":"2026-05-12T07:57:37.353501Z","published":"2026-05-08T22:46:52Z","database_specific":{"malicious-packages-origins":[{"sha256":"0edb2241655649c1939ad8633be7ac2c8459093640c8948a579b63f581dbadac","source":"ossf-package-analysis","versions":["99.99.99"],"modified_time":"2026-05-08T22:46:52Z","import_time":"2026-05-11T00:52:27.402514588Z"},{"sha256":"f46bbc3e155a30851463f65a3f9d5af33ebd5172df5ad70f7b022a77448fc6eb","source":"amazon-inspector","versions":["99.99.99"],"modified_time":"2026-05-12T06:53:21Z","import_time":"2026-05-12T07:28:54.220694159Z"}]},"affected":[{"package":{"name":"oneblk-design-system","ecosystem":"npm","purl":"pkg:npm/oneblk-design-system"},"versions":["99.99.99"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/oneblk-design-system/MAL-2026-3421.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}