MAL-2025-5321
See a problem?- Import Source
- https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/sdk.babelhelpers/MAL-2025-5321.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/MAL-2025-5321
- Published
- 2025-06-29T21:20:50Z
- Modified
- 2025-07-01T16:07:08Z
- Summary
- Malicious code in sdk.babelhelpers (npm)
- Details
-
-= Per source details. Do not edit below this line.=-
Source: ossf-package-analysis (61041d09d3a2f2f78a8e6bd7cfc5335a8c0f58d92eb653df9a19b46e808e7206)
The OpenSSF Package Analysis project identified 'sdk.babelhelpers' @ 1.0.3 (npm) as malicious.
It is considered malicious because:
The package communicates with a domain associated with malicious activity.
The package executes one or more commands associated with malicious behavior.
- Database specific
{ "malicious-packages-origins": [ { "import_time": "2025-06-29T21:34:26.801172107Z", "source": "ossf-package-analysis", "sha256": "61041d09d3a2f2f78a8e6bd7cfc5335a8c0f58d92eb653df9a19b46e808e7206", "versions": [ "1.0.3" ], "modified_time": "2025-06-29T21:25:17Z" }, { "import_time": "2025-06-29T21:34:26.654424804Z", "source": "ossf-package-analysis", "sha256": "b04382832a88195b3ccae53d2868143c4ec72fa6f2bf0db2cf44bb2afbe02490", "versions": [ "1.0.2" ], "modified_time": "2025-06-29T21:20:50Z" }, { "import_time": "2025-06-29T22:05:13.522128777Z", "source": "ossf-package-analysis", "sha256": "0969b71298261b2948ed9810d7c9da77a260ea9cfd2f8c1153711d59027113ee", "versions": [ "1.0.4" ], "modified_time": "2025-06-29T21:40:46Z" }, { "import_time": "2025-07-01T16:06:38.976422242Z", "source": "ossf-package-analysis", "sha256": "3099cfe2374eb13a1a2d571e88d3d5c86341b71131d28ac4817ae9a9058195d7", "versions": [ "5.0.2" ], "modified_time": "2025-07-01T15:49:40Z" } ] }- References
-
- Credits
-
-
- OpenSSF: Package Analysis - FINDER
-
Affected packages
npm / sdk.babelhelpers
Package
- Name
- sdk.babelhelpers
- View open source insights on deps.dev
- Purl
- pkg:npm/sdk.babelhelpers