{"schema_version":"1.7.3","id":"MAL-2025-192283","published":"2025-12-03T19:42:46Z","modified":"2025-12-24T00:23:45.710807Z","summary":"Malicious code in elf-stats-sparkly-candy-805 (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (604bccab8df7d0898478ee7f58c010dbc4d632595944bbddf5c782e15e62a6c7)\nThe package elf-stats-sparkly-candy-805 was found to contain malicious code.\n","affected":[{"package":{"name":"elf-stats-sparkly-candy-805","ecosystem":"npm","purl":"pkg:npm/elf-stats-sparkly-candy-805"},"versions":["2.0.0","1.0.0"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/elf-stats-sparkly-candy-805/MAL-2025-192283.json"}}],"database_specific":{"malicious-packages-origins":[{"import_time":"2025-12-03T20:08:33.088287916Z","modified_time":"2025-12-03T19:46:17Z","sha256":"604bccab8df7d0898478ee7f58c010dbc4d632595944bbddf5c782e15e62a6c7","source":"amazon-inspector","versions":["2.0.0"]},{"import_time":"2025-12-03T20:08:32.569378803Z","modified_time":"2025-12-03T19:42:46Z","sha256":"833df5ce3ccf5e5eb63ae3f0ce82e6d5ed0421c5550a40f1bbc3ce0a96d542f8","source":"amazon-inspector","versions":["1.0.0"]},{"id":"RLMA-2025-06295","import_time":"2025-12-23T21:36:17.957303789Z","modified_time":"2025-12-23T08:10:32Z","sha256":"f738bf5360a765c37104905200e1c9508f3157bd59d3dd42b5cb946ef74125d7","source":"reversing-labs","versions":["1.0.0","2.0.0"]}]},"credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}