MAL-2024-1352

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@aluffyz/discord-botjs/MAL-2024-1352.json
JSON Data
https://api.test.osv.dev/v1/vulns/MAL-2024-1352
Published
2024-05-04T00:13:11Z
Modified
2024-05-09T01:28:39Z
Summary
Malicious code in @aluffyz/discord-botjs (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: ossf-package-analysis (19d4e14d28ee6d6844110ceb637db248af639739f0215ffe4336c12482e453fb)

The OpenSSF Package Analysis project identified '@aluffyz/discord-botjs' @ 1.4.5 (npm) as malicious.

It is considered malicious because:

  • The package communicates with a domain associated with malicious activity.
Database specific
{
    "malicious-packages-origins": [
        {
            "modified_time": "2024-05-05T20:01:38Z",
            "import_time": "2024-05-09T01:28:24.098140913Z",
            "versions": [
                "1.4.5"
            ],
            "source": "ossf-package-analysis",
            "sha256": "19d4e14d28ee6d6844110ceb637db248af639739f0215ffe4336c12482e453fb"
        },
        {
            "modified_time": "2024-05-04T00:13:11Z",
            "import_time": "2024-05-09T01:28:23.990093367Z",
            "versions": [
                "1.4.3"
            ],
            "source": "ossf-package-analysis",
            "sha256": "296a70ef5223b32203993fd4d9a7d3b4bfa0e8790d83dbd43057d6d8e61eb009"
        },
        {
            "modified_time": "2024-05-06T00:50:36Z",
            "import_time": "2024-05-09T01:28:24.212324147Z",
            "versions": [
                "1.4.7"
            ],
            "source": "ossf-package-analysis",
            "sha256": "f62eac4a58254d4e66cea262d564ca48b11cfed4c5182a0f16be9f3a73fc852d"
        }
    ]
}
References
Credits

Affected packages

npm / @aluffyz/discord-botjs

Package

Name
@aluffyz/discord-botjs
View open source insights on deps.dev
Purl
pkg:npm/%40aluffyz/discord-botjs

Affected ranges

Affected versions

1.*

1.4.3
1.4.5
1.4.7