{"id":"MAL-2026-6314","summary":"Malicious code in @zynkit/probe (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (5f7da2d08466718d66bb9a80478987eab5041e19ee53f80d6968e6dc3069edf2)\nNo concrete indicators of installer-side harm were observed in this package version. No lifecycle scripts performing remote fetch-and-execute, no credential or environment scraping, no hardcoded attacker network destinations, and no silent-relay patterns are present.\n","modified":"2026-06-23T17:01:26.204462206Z","published":"2026-06-23T16:22:48Z","database_specific":{"malicious-packages-origins":[{"import_time":"2026-06-23T16:54:16.413835245Z","id":"IN-MAL-2026-007304","modified_time":"2026-06-23T16:22:48Z","sha256":"5f7da2d08466718d66bb9a80478987eab5041e19ee53f80d6968e6dc3069edf2","versions":["0.0.1"],"source":"amazon-inspector"}]},"references":[{"type":"PACKAGE","url":"https://www.npmjs.com/package/@zynkit/probe/v/0.0.1"}],"affected":[{"package":{"name":"@zynkit/probe","ecosystem":"npm","purl":"pkg:npm/%40zynkit%2Fprobe"},"versions":["0.0.1"],"database_specific":{"indicators":{"package_integrity":[{"filename":"probe-0.0.1.tgz","hashes":{"sha1":"bb32e60d3c4ace35e62a148c2448a07efa79b929","sha512_sri":"sha512-Vo+ut3D4nFENTmu1kQNEiZ0DGfocGJwzsWRmoONc3qPPuPwrkVzOvT2hsUqfKpMKV4CEv+4TfW0bmadil1Y1kQ=="}}]},"cwes":[{"name":"Embedded Malicious Code","description":"The product contains code that appears to be malicious in nature.","cweId":"CWE-506"}],"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@zynkit/probe/MAL-2026-6314.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["inspector-research@amazon.com"],"type":"FINDER"}]}