MAL-2024-1328

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/discord.js-hex/MAL-2024-1328.json
JSON Data
https://api.test.osv.dev/v1/vulns/MAL-2024-1328
Published
2024-04-30T22:00:28Z
Modified
2024-05-06T02:38:12Z
Summary
Malicious code in discord.js-hex (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: ossf-package-analysis (015a5d02bee306302c82f2de4541e008c6ebcc61804819bf894aac181a1c9eac)

The OpenSSF Package Analysis project identified 'discord.js-hex' @ 1.0.1 (npm) as malicious.

It is considered malicious because:

  • The package communicates with a domain associated with malicious activity.
Database specific
{
    "malicious-packages-origins": [
        {
            "modified_time": "2024-05-01T17:46:00Z",
            "import_time": "2024-05-06T02:37:55.582665075Z",
            "versions": [
                "1.0.1"
            ],
            "source": "ossf-package-analysis",
            "sha256": "015a5d02bee306302c82f2de4541e008c6ebcc61804819bf894aac181a1c9eac"
        },
        {
            "modified_time": "2024-05-01T17:56:11Z",
            "import_time": "2024-05-06T02:37:55.672194743Z",
            "versions": [
                "1.0.2"
            ],
            "source": "ossf-package-analysis",
            "sha256": "7468760538769377de71ab4e5d14a37338cf2f05b777ecb9925f3faba0f3046f"
        },
        {
            "modified_time": "2024-04-30T22:00:28Z",
            "import_time": "2024-05-06T02:37:55.396480662Z",
            "versions": [
                "1.0.0"
            ],
            "source": "ossf-package-analysis",
            "sha256": "df4bfc938fd66dcf8f877e7c31468fb933e46c9241e213f749bc534230019091"
        }
    ]
}
References
Credits

Affected packages

npm / discord.js-hex

Package

Affected ranges

Affected versions

1.*

1.0.0
1.0.1
1.0.2