MAL-2024-1539

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/mapbox-demo-gl-style-spec/MAL-2024-1539.json
JSON Data
https://api.test.osv.dev/v1/vulns/MAL-2024-1539
Published
2024-06-06T14:45:52Z
Modified
2024-06-06T14:45:52Z
Summary
Malicious code in mapbox-demo-gl-style-spec (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: ossf-package-analysis (fa5a509685be972fc15ceb454b2c3768fd8dd7c5162f11471642ab34e1f34fb9)

The OpenSSF Package Analysis project identified 'mapbox-demo-gl-style-spec' @ 14.4.0 (npm) as malicious.

It is considered malicious because:

  • The package communicates with a domain associated with malicious activity.
Database specific
{
    "malicious-packages-origins": [
        {
            "modified_time": "2024-06-06T14:45:52Z",
            "import_time": "2024-06-06T15:04:43.293764836Z",
            "versions": [
                "14.4.0"
            ],
            "source": "ossf-package-analysis",
            "sha256": "fa5a509685be972fc15ceb454b2c3768fd8dd7c5162f11471642ab34e1f34fb9"
        }
    ]
}
References
Credits

Affected packages

npm / mapbox-demo-gl-style-spec

Package

Name
mapbox-demo-gl-style-spec
View open source insights on deps.dev
Purl
pkg:npm/mapbox-demo-gl-style-spec

Affected ranges

Affected versions

14.*

14.4.0