Malicious code in test-pkg-blabla (npm)

2024-06-0918:00:33

Google

osv.dev

malicious

communication

package

npm

7.1 High

AI Score

Confidence

High

JSON

-= Per source details. Do not edit below this line.=-

Source: ossf-package-analysis (3bfaca810c52dc5570fa40d75892333e31b5783eb2daa0f64c6db415c0e4ef79)

The OpenSSF Package Analysis project identified ‘test-pkg-blabla’ @ 1.0.11 (npm) as malicious.

It is considered malicious because:

The package communicates with a domain associated with malicious activity.

CPENameOperatorVersion
test-pkg-blablaeq1.0.10
test-pkg-blablaeq1.0.3
test-pkg-blablaeq1.0.14
test-pkg-blablaeq1.0.11
test-pkg-blablaeq1.0.12
test-pkg-blablaeq1.0.7
test-pkg-blablaeq1.0.13
test-pkg-blablaeq1.0.4
test-pkg-blablaeq1.0.8
test-pkg-blablaeq1.0.1

Name	Operator	Version
test-pkg-blabla	eq	1.0.10
test-pkg-blabla	eq	1.0.3
test-pkg-blabla	eq	1.0.14
test-pkg-blabla	eq	1.0.11
test-pkg-blabla	eq	1.0.12
test-pkg-blabla	eq	1.0.7
test-pkg-blabla	eq	1.0.13
test-pkg-blabla	eq	1.0.4
test-pkg-blabla	eq	1.0.8
test-pkg-blabla	eq	1.0.1

Rows per page:

1-10 of 121

7.1 High

AI Score

Confidence

High

JSON