{"id":"MAL-2026-3506","summary":"Malicious code in @mimecast-ui/charts (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (e603deff481f2fdd492adde6f7d1f060fa7aa7d15f63abc4cc43fa7782409705)\nThe package @mimecast-ui/charts was found to contain malicious code.\n\n## Source: ossf-package-analysis (831be2c3e6c9885c479ff2920f4f2bd45a313483073af42ed59ba0ac78a98e3b)\nThe OpenSSF Package Analysis project identified '@mimecast-ui/charts' @ 2.0.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package executes one or more commands associated with malicious behavior.\n","modified":"2026-05-12T07:53:22.397917Z","published":"2026-05-11T16:25:52Z","database_specific":{"malicious-packages-origins":[{"modified_time":"2026-05-11T16:25:52Z","source":"ossf-package-analysis","import_time":"2026-05-12T01:40:23.751198355Z","versions":["2.0.0"],"sha256":"831be2c3e6c9885c479ff2920f4f2bd45a313483073af42ed59ba0ac78a98e3b"},{"modified_time":"2026-05-12T06:53:21Z","source":"amazon-inspector","import_time":"2026-05-12T07:28:52.228188193Z","versions":["2.0.0"],"sha256":"e603deff481f2fdd492adde6f7d1f060fa7aa7d15f63abc4cc43fa7782409705"}]},"affected":[{"package":{"name":"@mimecast-ui/charts","ecosystem":"npm","purl":"pkg:npm/%40mimecast-ui/charts"},"versions":["2.0.0"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@mimecast-ui/charts/MAL-2026-3506.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}