{"id":"MAL-2026-5168","summary":"Malicious code in vg-interaction-model (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (aba91a5b2aeb99e94b28109825a7ac069669d39c12c118fd37d9ef70afe63261)\nThe OpenSSF Package Analysis project identified 'vg-interaction-model' @ 40.0.1 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n","modified":"2026-06-03T03:31:41.018747257Z","published":"2026-06-02T16:30:37Z","database_specific":{"malicious-packages-origins":[{"modified_time":"2026-06-02T16:30:37Z","sha256":"aba91a5b2aeb99e94b28109825a7ac069669d39c12c118fd37d9ef70afe63261","import_time":"2026-06-02T16:33:20.643494695Z","source":"ossf-package-analysis","versions":["40.0.1"]},{"modified_time":"2026-06-02T19:35:35Z","sha256":"407173b2aee14360bfad38888d87727b81adef8528e3f63dd41520a6fd3ccabf","import_time":"2026-06-03T03:16:20.383584507Z","source":"ossf-package-analysis","versions":["40.0.4"]}]},"affected":[{"package":{"name":"vg-interaction-model","ecosystem":"npm","purl":"pkg:npm/vg-interaction-model"},"versions":["40.0.1","40.0.4"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/vg-interaction-model/MAL-2026-5168.json"}}],"schema_version":"1.7.5","credits":[{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}