MAL-2026-3362

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/24712-pl5006/MAL-2026-3362.json
JSON Data
https://api.test.osv.dev/v1/vulns/MAL-2026-3362
Published
2026-05-07T00:05:57Z
Modified
2026-05-07T01:05:52.130238Z
Summary
Malicious code in 24712-pl5006 (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: ossf-package-analysis (115fd80ded696b407b50be96be06645124c2e3c5ca360f283388fcd4bcf3b2de)

The OpenSSF Package Analysis project identified '24712-pl5006' @ 0.0.4 (npm) as malicious.

It is considered malicious because:

  • The package communicates with a domain associated with malicious activity.
Database specific 
{
    "malicious-packages-origins": [
        {
            "import_time": "2026-05-07T00:48:46.033737416Z",
            "source": "ossf-package-analysis",
            "sha256": "115fd80ded696b407b50be96be06645124c2e3c5ca360f283388fcd4bcf3b2de",
            "modified_time": "2026-05-07T00:10:49Z",
            "versions": [
                "0.0.4"
            ]
        },
        {
            "import_time": "2026-05-07T00:48:45.908477679Z",
            "source": "ossf-package-analysis",
            "sha256": "5c998277f8ad56f2757fe4a9a41de3e65f6c04442079c74b14497f1712a6f00b",
            "modified_time": "2026-05-07T00:05:57Z",
            "versions": [
                "0.0.2"
            ]
        }
    ]
}
References
Credits

Affected packages

npm / 24712-pl5006

Package

Name
24712-pl5006
View open source insights on deps.dev
Purl
pkg:npm/24712-pl5006

Affected ranges

Affected versions

0.*
0.0.2
0.0.4

Database specific

source 
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/24712-pl5006/MAL-2026-3362.json"