{"id":"MAL-2026-3430","summary":"Malicious code in cplace-bmw-emt-mvp (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (2b6d2d57176a41f11e925988396ad8549efc86508c1cc13a7130871f48c15b33)\nThe package cplace-bmw-emt-mvp was found to contain malicious code.\n\n## Source: ossf-package-analysis (a5df536f40d00940affdae35145eefe56cf78dc9302c4b2853776a4ae630182b)\nThe OpenSSF Package Analysis project identified 'cplace-bmw-emt-mvp' @ 2.0.4 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n","modified":"2026-05-12T07:56:27.956585Z","published":"2026-05-11T17:58:02Z","database_specific":{"malicious-packages-origins":[{"source":"ossf-package-analysis","import_time":"2026-05-11T18:44:01.71579989Z","versions":["2.0.4"],"modified_time":"2026-05-11T17:58:02Z","sha256":"a5df536f40d00940affdae35145eefe56cf78dc9302c4b2853776a4ae630182b"},{"source":"amazon-inspector","import_time":"2026-05-12T07:28:53.094050364Z","versions":["2.0.4"],"modified_time":"2026-05-12T06:53:21Z","sha256":"2b6d2d57176a41f11e925988396ad8549efc86508c1cc13a7130871f48c15b33"}]},"affected":[{"package":{"name":"cplace-bmw-emt-mvp","ecosystem":"npm","purl":"pkg:npm/cplace-bmw-emt-mvp"},"versions":["2.0.4"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/cplace-bmw-emt-mvp/MAL-2026-3430.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}