{"id":"MAL-2026-459","summary":"Malicious code in un112 (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (c1521874d670863316d54ec7213c067617cac71476025f1e398ca9ea01fe1f71)\nThe package un112 was found to contain malicious code.\n\n## Source: ossf-package-analysis (cdd54832c7f264a3a18301f19d464ca271573a29173fe997e49e6c55b0ae1f87)\nThe OpenSSF Package Analysis project identified 'un112' @ 1.0.18 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n","modified":"2026-01-23T01:53:43.639837Z","published":"2026-01-22T09:55:45Z","database_specific":{"malicious-packages-origins":[{"import_time":"2026-01-22T10:09:38.522937302Z","versions":["1.0.2"],"source":"ossf-package-analysis","sha256":"0d1b233e9feeaa79bb424b05fb0a39efdae797415d415bc75e9567fd053a184d","modified_time":"2026-01-22T09:55:45Z"},{"import_time":"2026-01-22T10:09:38.834367871Z","versions":["1.0.3"],"source":"ossf-package-analysis","sha256":"de4f2098967c4c1c29239308be090b1220a5a10885f19b72915d9b94e727b4d6","modified_time":"2026-01-22T10:06:18Z"},{"import_time":"2026-01-22T10:44:23.474713406Z","versions":["1.0.5"],"source":"ossf-package-analysis","sha256":"6d80f3419e72882c2d5a2038684dd7b3b67612745a4f53a7c848d18a2025a185","modified_time":"2026-01-22T10:11:12Z"},{"import_time":"2026-01-22T11:39:04.633126048Z","versions":["1.0.18"],"source":"ossf-package-analysis","sha256":"cdd54832c7f264a3a18301f19d464ca271573a29173fe997e49e6c55b0ae1f87","modified_time":"2026-01-22T11:21:00Z"},{"import_time":"2026-01-22T12:48:35.482872258Z","versions":["1.0.24"],"source":"ossf-package-analysis","sha256":"74ab28da85fdb961668dc8fb0dc9b59ff55f60f2080e89923d78829b60ed1767","modified_time":"2026-01-22T12:22:33Z"},{"import_time":"2026-01-22T13:21:49.574918229Z","versions":["1.0.28"],"source":"ossf-package-analysis","sha256":"8210776b11cfa28a05bb7b7d409975b8a0096cc7dc8ad0c00166b6c6e775693d","modified_time":"2026-01-22T13:00:48Z"},{"import_time":"2026-01-22T13:21:49.444222201Z","versions":["1.0.29"],"source":"ossf-package-analysis","sha256":"897d49fb7ce4357ac242add413e4b7625b625e40ae915da7413b54d7939ac80c","modified_time":"2026-01-22T12:56:55Z"},{"import_time":"2026-01-22T13:21:49.618649256Z","versions":["1.0.31"],"source":"ossf-package-analysis","sha256":"915a1220bd2a86659d450790a3c26e44e6bcab3f197ec6772ccf762bb8b4296c","modified_time":"2026-01-22T13:16:03Z"},{"import_time":"2026-01-22T13:48:18.413302706Z","versions":["1.0.32"],"source":"ossf-package-analysis","sha256":"7607c1e2ae4e1e93a503caee44a0aa502b8502a54a0e6cd52aee82461c10a53f","modified_time":"2026-01-22T13:25:40Z"},{"import_time":"2026-01-22T14:13:57.023842901Z","versions":["1.0.36"],"source":"ossf-package-analysis","sha256":"c231ba8cd4202c6577c503556079fffdac31fe3345fcdc07a84c21ba259b5cac","modified_time":"2026-01-22T14:05:57Z"},{"import_time":"2026-01-22T14:45:17.679920762Z","versions":["1.0.38"],"source":"ossf-package-analysis","sha256":"b418440c4bb5a371f41df33488b81f4dc1f7e029364d18a5250e17f5c8bf9161","modified_time":"2026-01-22T14:20:35Z"},{"import_time":"2026-01-23T01:36:40.288377385Z","versions":["1.0.2","1.0.3","1.0.5","1.0.18","1.0.24","1.0.28","1.0.29","1.0.31","1.0.32","1.0.36","1.0.38"],"source":"amazon-inspector","sha256":"c1521874d670863316d54ec7213c067617cac71476025f1e398ca9ea01fe1f71","modified_time":"2026-01-23T01:13:12Z"}]},"affected":[{"package":{"name":"un112","ecosystem":"npm","purl":"pkg:npm/un112"},"versions":["1.0.2","1.0.3","1.0.5","1.0.18","1.0.24","1.0.28","1.0.29","1.0.31","1.0.32","1.0.36","1.0.38"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/un112/MAL-2026-459.json"}}],"schema_version":"1.7.3","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}