{"schema_version":"1.7.3","id":"MAL-2025-192421","published":"2025-12-10T02:40:38Z","modified":"2025-12-10T21:33:21.468673Z","summary":"Malicious code in vue2-amis-custom-widget123 (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (027b467c811b36f60dc7589ccd8251ffc56de7f40345d6a471a3a550a2a8df7e)\nThe package vue2-amis-custom-widget123 was found to contain malicious code.\n\n## Source: ossf-package-analysis (018e1afd132bd0aec80c62fc9671bdf5ed78a9bbecfac952c40fce3d7f02d876)\nThe OpenSSF Package Analysis project identified 'vue2-amis-custom-widget123' @ 1.0.5 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n","affected":[{"package":{"name":"vue2-amis-custom-widget123","ecosystem":"npm","purl":"pkg:npm/vue2-amis-custom-widget123"},"versions":["1.0.5","1.0.3","1.0.6","1.1.0"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/vue2-amis-custom-widget123/MAL-2025-192421.json"}}],"database_specific":{"malicious-packages-origins":[{"import_time":"2025-12-10T03:33:59.668515289Z","modified_time":"2025-12-10T03:01:06Z","sha256":"018e1afd132bd0aec80c62fc9671bdf5ed78a9bbecfac952c40fce3d7f02d876","source":"ossf-package-analysis","versions":["1.0.5"]},{"import_time":"2025-12-10T03:33:59.537182587Z","modified_time":"2025-12-10T02:40:38Z","sha256":"6ac9017b95cacd5325a4774eab343fa19d02477d0e700fbd20e1c638aa0edaf4","source":"ossf-package-analysis","versions":["1.0.3"]},{"import_time":"2025-12-10T03:33:59.982127512Z","modified_time":"2025-12-10T03:12:48Z","sha256":"721523ae35f9ed32ec5dc8c8b40a3e8a81c376abcc01483ea4579daab2efedd4","source":"ossf-package-analysis","versions":["1.0.6"]},{"import_time":"2025-12-10T04:15:17.25696752Z","modified_time":"2025-12-10T03:40:45Z","sha256":"a33f0f8a13fc90e4d8161e14aabbb659fcef0a15efedeb0186595d25d4ea4d36","source":"ossf-package-analysis","versions":["1.1.0"]},{"import_time":"2025-12-10T21:07:49.034118899Z","modified_time":"2025-12-10T21:03:50Z","sha256":"027b467c811b36f60dc7589ccd8251ffc56de7f40345d6a471a3a550a2a8df7e","source":"amazon-inspector","versions":["1.0.5","1.0.3","1.0.6","1.1.0"]}]},"credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}