MAL-2023-1334

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/verycoolzpac/MAL-2023-1334.json
JSON Data
https://api.test.osv.dev/v1/vulns/MAL-2023-1334
Published
2023-05-12T03:49:58Z
Modified
2024-06-28T02:53:18Z
Summary
Malicious code in verycoolzpac (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: ossf-package-analysis (5375ee65b8d94a515b53e30980d783a66b8f75c2ad0f388f471e41b0dada5587)

The OpenSSF Package Analysis project identified 'verycoolzpac' @ 0.39.9999 (npm) as malicious.

It is considered malicious because: - The package communicates with a domain associated with malicious activity.

Database specific 
{
    "malicious-packages-origins": [
        {
            "versions": [
                "0.3.7"
            ],
            "modified_time": "2023-05-12T03:53:11.865054495Z",
            "import_time": "2023-08-10T06:15:53.278832363Z",
            "sha256": "353d71cbdc52244d23bd12e410763727b638fda3756e0fb348c4e7159ee70b49",
            "source": "ossf-package-analysis"
        },
        {
            "versions": [
                "0.39.9999"
            ],
            "modified_time": "2023-05-12T03:56:30.900430314Z",
            "import_time": "2023-08-10T06:15:53.51822699Z",
            "sha256": "5375ee65b8d94a515b53e30980d783a66b8f75c2ad0f388f471e41b0dada5587",
            "source": "ossf-package-analysis"
        },
        {
            "versions": [
                "0.3.1"
            ],
            "modified_time": "2023-05-12T03:49:58.900570777Z",
            "import_time": "2023-08-10T06:15:53.068767234Z",
            "sha256": "fe3a897e9eb8e24c29575d753a81fc9ff82b09f060b8b17d31ce7cab41d4da72",
            "source": "ossf-package-analysis"
        },
        {
            "source": "reversing-labs",
            "versions": [
                "0.3.4",
                "0.3.9",
                "0.2.9",
                "0.3.1",
                "0.3.3",
                "0.3.2",
                "0.39.9999",
                "0.2.5",
                "0.3.8",
                "0.2.6",
                "0.3.6",
                "0.2.7",
                "0.3.0",
                "0.3.5",
                "0.2.8",
                "0.3.7"
            ],
            "modified_time": "2024-06-25T13:18:59Z",
            "import_time": "2024-06-28T02:46:22.917094006Z",
            "sha256": "02d85233b5468b1de2eeea2ef727f57545dbf06c930bf95eb492ba132d47f8c3",
            "id": "RLMA-2024-02591"
        }
    ]
}
References
Credits

Affected packages

npm / verycoolzpac

Package

Name
verycoolzpac
View open source insights on deps.dev
Purl
pkg:npm/verycoolzpac

Affected ranges

Affected versions

0.*

0.2.5
0.2.6
0.2.7
0.2.8
0.2.9
0.3.0
0.3.1
0.3.2
0.3.3
0.3.4
0.3.5
0.3.6
0.3.7
0.3.8
0.3.9
0.39.9999