{"id":"MAL-2026-940","summary":"Malicious code in abcxyzz (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (8b953a8183a1a7ba906c9117e8afe658b2606311b606d8b3ecad680076fc51e9)\nThe package abcxyzz was found to contain malicious code.\n\n## Source: ossf-package-analysis (b22a45e3a267d5930d5e8dfdb52954bf049c7b63a9bdb0818e5daff1191e7423)\nThe OpenSSF Package Analysis project identified 'abcxyzz' @ 9.9.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package executes one or more commands associated with malicious behavior.\n","modified":"2026-03-23T04:54:01.404070Z","published":"2026-02-18T09:35:39Z","database_specific":{"malicious-packages-origins":[{"modified_time":"2026-02-18T09:35:39Z","import_time":"2026-02-19T22:45:35.68043549Z","sha256":"b22a45e3a267d5930d5e8dfdb52954bf049c7b63a9bdb0818e5daff1191e7423","versions":["9.9.9"],"source":"ossf-package-analysis"},{"modified_time":"2026-02-23T03:51:30Z","import_time":"2026-02-23T04:19:45.146972843Z","sha256":"8b953a8183a1a7ba906c9117e8afe658b2606311b606d8b3ecad680076fc51e9","versions":["9.9.9"],"source":"amazon-inspector"}]},"affected":[{"package":{"name":"abcxyzz","ecosystem":"npm","purl":"pkg:npm/abcxyzz"},"versions":["9.9.9"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/abcxyzz/MAL-2026-940.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}