{"id":"MAL-2026-461","summary":"Malicious code in @corp-front/corporate-filter-company-select (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (3aaa588b7207d5174a115bb4b75335970dd288419043e978ffc3dc455f8608c5)\nThe package @corp-front/corporate-filter-company-select was found to contain malicious code.\n\n## Source: ossf-package-analysis (061e4fc2b95d595878f274d13f3b7025f470604ce5aa3c98432f361bbdfb8022)\nThe OpenSSF Package Analysis project identified '@corp-front/corporate-filter-company-select' @ 2.99.99 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n","modified":"2026-01-23T01:55:22.218356Z","published":"2026-01-22T12:24:27Z","database_specific":{"malicious-packages-origins":[{"modified_time":"2026-01-22T12:24:27Z","import_time":"2026-01-22T12:48:35.730082138Z","source":"ossf-package-analysis","versions":["2.99.99"],"sha256":"061e4fc2b95d595878f274d13f3b7025f470604ce5aa3c98432f361bbdfb8022"},{"modified_time":"2026-01-23T01:13:12Z","import_time":"2026-01-23T01:36:38.857416132Z","source":"amazon-inspector","versions":["2.99.99"],"sha256":"3aaa588b7207d5174a115bb4b75335970dd288419043e978ffc3dc455f8608c5"}]},"affected":[{"package":{"name":"@corp-front/corporate-filter-company-select","ecosystem":"npm","purl":"pkg:npm/%40corp-front/corporate-filter-company-select"},"versions":["2.99.99"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@corp-front/corporate-filter-company-select/MAL-2026-461.json"}}],"schema_version":"1.7.3","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}