{"id":"MAL-2026-3666","summary":"Malicious code in 01-0redi7qgbz0uv (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (5ceb633970757ab5d5ee0b64512c18d46be8402ac2169769101655a697ee5d6d)\nThe analysis found that this package has a garbage randomized name ('01-0redi7qgbz0uv'), empty description, placeholder test script, and an index.js that is not valid JavaScript confirms hyphenated/numeric-leading identifiers that cannot be parsed). It has no functional code whatsoever. Its sole observable effect is to pin 40+ obscure wallet/crypto/trading-themed dependencies at 'latest' (walletgeninjsio, transferbwallets, balancetracking, arbitexchange, cryptoperfume, -rypto-ompareinfo, etc.). This matches the meta-package dependency-delivery pattern: the package itself contains no payload, but installing it forces installation of an arbitrary batch of attacker-controlled packages at whatever the latest version happens to be. Under the generic-placeholder-metadata-plus-network calibration (placeholder metadata + indirect supply-chain reach), combined with (a) non-functional entrypoint, (b) randomized name indicating no intended human consumer, and (c) crypto-themed transitive targets at floating 'latest' ranges, there is no legitimate use case for this package.\n","modified":"2026-05-13T20:23:10.838933Z","published":"2026-05-12T07:44:18Z","database_specific":{"malicious-packages-origins":[{"id":"IN-MAL-2026-002418","modified_time":"2026-05-12T19:03:07Z","import_time":"2026-05-13T20:10:56.789264488Z","versions":["1.0.0"],"source":"amazon-inspector","sha256":"5ceb633970757ab5d5ee0b64512c18d46be8402ac2169769101655a697ee5d6d"}]},"references":[{"type":"PACKAGE","url":"https://www.npmjs.com/package/01-0redi7qgbz0uv/v/1.0.0"}],"affected":[{"package":{"name":"01-0redi7qgbz0uv","ecosystem":"npm","purl":"pkg:npm/01-0redi7qgbz0uv"},"versions":["1.0.0"],"database_specific":{"indicators":{"package_integrity":[{"hashes":{"sha512_sri":"sha512-0Z+XGoE89kpGCOwHoHY70hqrxdmHbwlodTdGDdECUOH6RrwJXpK0S0kYuGryH3YRM6ReBucFmFMURNBoN9dc8w==","sha1":"c2c18ee8c808b9f4ddb8b6e8876d06c06804ce3c"},"filename":"01-0redi7qgbz0uv-1.0.0.tgz"}],"evidence_files":[{"path":"package.json","tlsh":"3c21a538cba35c2b6488336598a65353fb54c5174e00781ab786519c9fde06b2cbd31e","sha256":"d99a7eeb310a2d5e976508013122fbf0610c3070323e97f026f3d1d46c3b109b"},{"path":"index.js","tlsh":"7a3174e023d9f079b9f152c5f9f1926725a7d325b203daa2c69940e305c30c56f97db8","sha256":"74029fd758da333c05dbc9a577e4ecdddac69e5152f8a79474712b076502d207"}]},"cwes":[{"cweId":"CWE-506","description":"The product contains code that appears to be malicious in nature.","name":"Embedded Malicious Code"}],"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/01-0redi7qgbz0uv/MAL-2026-3666.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"}]}