{"id":"MAL-2026-3804","summary":"Malicious code in bui-react-10components (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (3fd97accb94b52913accc33671fd34134afa96fd92bc09e5d0c440eef9b1a8c6)\nThe package bui-react-10components was found to contain malicious code.\n\n## Source: ossf-package-analysis (3e296c32203cc05a9f9f2bffa6082ce019d829da2e53e83034754179dc0e17d9)\nThe OpenSSF Package Analysis project identified 'bui-react-10components' @ 99.0.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n","modified":"2026-05-19T18:02:19.475212455Z","published":"2026-05-16T09:16:46Z","database_specific":{"malicious-packages-origins":[{"versions":["99.0.0"],"modified_time":"2026-05-16T09:16:46Z","sha256":"3e296c32203cc05a9f9f2bffa6082ce019d829da2e53e83034754179dc0e17d9","import_time":"2026-05-16T10:01:30.383651947Z","source":"ossf-package-analysis"},{"versions":["99.0.0"],"modified_time":"2026-05-19T16:47:48Z","sha256":"3fd97accb94b52913accc33671fd34134afa96fd92bc09e5d0c440eef9b1a8c6","import_time":"2026-05-19T17:50:21.616589227Z","source":"amazon-inspector"}]},"affected":[{"package":{"name":"bui-react-10components","ecosystem":"npm","purl":"pkg:npm/bui-react-10components"},"versions":["99.0.0"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/bui-react-10components/MAL-2026-3804.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}