MAL-2024-10875

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/vite-plugin-unus-api-register/MAL-2024-10875.json
JSON Data
https://api.test.osv.dev/v1/vulns/MAL-2024-10875
Published
2024-11-21T20:24:52Z
Modified
2024-11-21T20:24:52Z
Summary
Malicious code in vite-plugin-unus-api-register (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: ossf-package-analysis (6cbf2cf83d8f00986eaa1777e8d26cfea1a79007320ea03c06622afb78f2e0cc)

The OpenSSF Package Analysis project identified 'vite-plugin-unus-api-register' @ 6.2.3 (npm) as malicious.

It is considered malicious because:

  • The package communicates with a domain associated with malicious activity.
Database specific
{
    "malicious-packages-origins": [
        {
            "modified_time": "2024-11-21T20:24:52Z",
            "import_time": "2024-11-21T23:05:43.562051732Z",
            "versions": [
                "6.2.3"
            ],
            "source": "ossf-package-analysis",
            "sha256": "6cbf2cf83d8f00986eaa1777e8d26cfea1a79007320ea03c06622afb78f2e0cc"
        }
    ]
}
References
Credits

Affected packages

npm / vite-plugin-unus-api-register

Package

Name
vite-plugin-unus-api-register
View open source insights on deps.dev
Purl
pkg:npm/vite-plugin-unus-api-register

Affected ranges

Affected versions

6.*

6.2.3