{"schema_version":"1.7.5","id":"MAL-2025-191567","published":"2025-12-01T13:05:09Z","modified":"2026-04-01T12:40:51.421080Z","aliases":["SNYK-JS-CHAISYNC-14152246"],"summary":"Malicious code in chai-sync (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (f58d95adcd5fd2dce29ac379c47d6b4ca7239ae5d1eb53d06617067cc7623938)\nThe package chai-sync was found to contain malicious code.\n","affected":[{"package":{"name":"chai-sync","ecosystem":"npm","purl":"pkg:npm/chai-sync"},"versions":["2.2.4","2.2.6","1.1.9"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/chai-sync/MAL-2025-191567.json"}}],"references":[{"type":"ARTICLE","url":"https://socket.dev/blog/north-korea-contagious-interview-npm-attacks"},{"type":"ARTICLE","url":"https://thehackernews.com/2025/11/north-korean-hackers-deploy-197-npm.html"},{"type":"ADVISORY","url":"https://security.snyk.io/vuln/SNYK-JS-CHAISYNC-14152246"}],"database_specific":{"malicious-packages-origins":[{"id":"RLMA-2025-05701","import_time":"2025-12-02T09:09:42.693823974Z","modified_time":"2025-12-01T13:05:09Z","sha256":"dd2e623fc4ef1feee3582c3bba6c89f9923339cf86f383cef500439b31713a56","source":"reversing-labs","versions":["2.2.4","2.2.6"]},{"import_time":"2025-12-02T21:35:55.570610341Z","modified_time":"2025-12-02T21:11:00Z","sha256":"f58d95adcd5fd2dce29ac379c47d6b4ca7239ae5d1eb53d06617067cc7623938","source":"amazon-inspector","versions":["2.2.4","2.2.6"]},{"id":"RLUA-2025-06093","import_time":"2025-12-24T10:07:34.412775047Z","modified_time":"2025-12-23T08:02:22Z","sha256":"ec1194f0b43e545cc35705383e2f3195132acdb7f0117f54a814eac3f7e446fa","source":"reversing-labs"},{"id":"RLUA-2026-01193","import_time":"2026-03-19T12:20:51.849546279Z","modified_time":"2026-03-18T12:43:27Z","sha256":"e306fab58c6a3b7ea982a5c069d4799a198fc2d9a9ecb81b47e9ac7b4253596f","source":"reversing-labs"},{"id":"RLUA-2026-01728","import_time":"2026-04-01T12:26:13.84856985Z","modified_time":"2026-03-24T15:40:16Z","sha256":"fa02c1dd84e38e3cf7de19ecd9c59205baebc39bd1c9aabf12c356cc3e336465","source":"reversing-labs","versions":["1.1.9"]}]},"credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}