MAL-2025-6817

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/nestjs-datadog/MAL-2025-6817.json
JSON Data
https://api.test.osv.dev/v1/vulns/MAL-2025-6817
Published
2025-08-11T02:56:06Z
Modified
2025-08-18T06:10:43Z
Summary
Malicious code in nestjs-datadog (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: ossf-package-analysis (bd646630e4e4b32350e3698792f7e678a5be4aa1167c630d0bef9cb4d491c441)

The OpenSSF Package Analysis project identified 'nestjs-datadog' @ 500.0.2 (npm) as malicious.

It is considered malicious because:

  • The package communicates with a domain associated with malicious activity.

  • The package executes one or more commands associated with malicious behavior.

Database specific 
{
    "malicious-packages-origins": [
        {
            "import_time": "2025-08-11T03:35:53.870754549Z",
            "modified_time": "2025-08-11T02:56:06Z",
            "source": "ossf-package-analysis",
            "versions": [
                "500.0.2"
            ],
            "sha256": "bd646630e4e4b32350e3698792f7e678a5be4aa1167c630d0bef9cb4d491c441"
        },
        {
            "import_time": "2025-08-11T04:47:27.88345764Z",
            "modified_time": "2025-08-11T04:26:52Z",
            "source": "ossf-package-analysis",
            "versions": [
                "500.0.5"
            ],
            "sha256": "38e963b21aa78076734baa306ebbc7989c4277b0d3f2d32244cca8d62e88ff20"
        },
        {
            "import_time": "2025-08-18T06:09:45.599660828Z",
            "modified_time": "2025-08-14T08:48:26Z",
            "source": "ossf-package-analysis",
            "versions": [
                "500.0.8"
            ],
            "sha256": "14316bbd5d4c377d667cb000c2fd107fcd6ca7989ec911aabbbe633191c285bd"
        },
        {
            "import_time": "2025-08-18T06:09:45.800672927Z",
            "modified_time": "2025-08-14T09:15:59Z",
            "source": "ossf-package-analysis",
            "versions": [
                "500.0.10"
            ],
            "sha256": "2aa105d06ea948bee1c301999127575e1de16ac50574e061569f32527addcb4b"
        },
        {
            "import_time": "2025-08-18T06:09:45.88255032Z",
            "modified_time": "2025-08-14T09:20:58Z",
            "source": "ossf-package-analysis",
            "versions": [
                "500.0.13"
            ],
            "sha256": "7f07b1c4e0bc06ee96a918d4f10af032419dcc2691f8a2977652f9b0ed969ac2"
        }
    ]
}
References
Credits

Affected packages

npm / nestjs-datadog

Package

Name
nestjs-datadog
View open source insights on deps.dev
Purl
pkg:npm/nestjs-datadog

Affected ranges

Affected versions

500.*

500.0.2
500.0.5
500.0.8
500.0.10
500.0.13