{"id":"MAL-2026-3712","summary":"Malicious code in hardhat-common (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (b72f90917aaff5b42d639bff4d28227b0cd2105ce4d2b109577a76b9d7003ecc)\nThe OpenSSF Package Analysis project identified 'hardhat-common' @ 2.0.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package executes one or more commands associated with malicious behavior.\n","modified":"2026-05-13T22:22:33.374117Z","published":"2026-05-13T12:01:31Z","database_specific":{"malicious-packages-origins":[{"modified_time":"2026-05-13T12:10:39Z","versions":["2.0.0"],"sha256":"b72f90917aaff5b42d639bff4d28227b0cd2105ce4d2b109577a76b9d7003ecc","source":"ossf-package-analysis","import_time":"2026-05-13T21:58:23.528124487Z"},{"modified_time":"2026-05-13T12:01:31Z","versions":["1.0.0"],"sha256":"ba89d389724689cbbafd779bf1845a56d9ca60e7a79f52d056fc65fff30333fe","source":"ossf-package-analysis","import_time":"2026-05-13T21:58:23.657362487Z"}]},"affected":[{"package":{"name":"hardhat-common","ecosystem":"npm","purl":"pkg:npm/hardhat-common"},"versions":["2.0.0","1.0.0"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/hardhat-common/MAL-2026-3712.json"}}],"schema_version":"1.7.5","credits":[{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}