{"id":"MAL-2026-4270","summary":"Malicious code in clickpy (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (4eabe2c137602d61ffca6cc787c74601220c1e92f9b77300775a94327b784600)\nThe OpenSSF Package Analysis project identified 'clickpy' @ 1.0.1 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n","modified":"2026-05-23T23:31:36.534909400Z","published":"2026-05-23T23:00:29Z","database_specific":{"malicious-packages-origins":[{"modified_time":"2026-05-23T23:00:29Z","import_time":"2026-05-23T23:23:03.728296797Z","sha256":"4eabe2c137602d61ffca6cc787c74601220c1e92f9b77300775a94327b784600","versions":["1.0.1"],"source":"ossf-package-analysis"}]},"affected":[{"package":{"name":"clickpy","ecosystem":"npm","purl":"pkg:npm/clickpy"},"versions":["1.0.1"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/clickpy/MAL-2026-4270.json"}}],"schema_version":"1.7.5","credits":[{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}