{"id":"MAL-2026-840","summary":"Malicious code in search-savedsearch-podlet (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (878a9c43dd8ff489c2771eb72e59389391267772d0e64b6dea94a657d0ca7b3a)\nThe package search-savedsearch-podlet was found to contain malicious code.\n\n## Source: ossf-package-analysis (d59a7c90a65781e9c3327c35f8ecc0d3f485bcb62487686d7ba215e7db2eabda)\nThe OpenSSF Package Analysis project identified 'search-savedsearch-podlet' @ 5.4.5 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n","modified":"2026-03-23T05:00:19.681286Z","published":"2026-02-10T17:06:06Z","database_specific":{"malicious-packages-origins":[{"modified_time":"2026-02-10T17:06:06Z","source":"ossf-package-analysis","sha256":"d59a7c90a65781e9c3327c35f8ecc0d3f485bcb62487686d7ba215e7db2eabda","import_time":"2026-02-10T17:26:40.507177582Z","versions":["5.4.5"]},{"modified_time":"2026-02-23T03:51:30Z","source":"amazon-inspector","sha256":"878a9c43dd8ff489c2771eb72e59389391267772d0e64b6dea94a657d0ca7b3a","import_time":"2026-02-23T04:19:45.923232274Z","versions":["5.4.5"]}]},"affected":[{"package":{"name":"search-savedsearch-podlet","ecosystem":"npm","purl":"pkg:npm/search-savedsearch-podlet"},"versions":["5.4.5"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/search-savedsearch-podlet/MAL-2026-840.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}