{"schema_version":"1.7.3","id":"MAL-2025-48946","published":"2025-10-24T13:45:37Z","modified":"2025-10-31T03:25:40Z","summary":"Malicious code in @eqder/bird (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (7acc999c2ea175e62266081a166ad731b10ac9621b965f28186121fbece6a1bb)\nThe package @eqder/bird was found to contain malicious code.\n\n## Source: ossf-package-analysis (055c49030bb5eb245faf651dbc034f0794e2f703a3c42c984c14d9e22f9cce3a)\nThe OpenSSF Package Analysis project identified '@eqder/bird' @ 13.0.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package executes one or more commands associated with malicious behavior.\n","affected":[{"package":{"name":"@eqder/bird","ecosystem":"npm","purl":"pkg:npm/%40eqder/bird"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"}]}],"versions":["13.0.0","10.0.0","12.0.0"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@eqder/bird/MAL-2025-48946.json"}}],"database_specific":{"malicious-packages-origins":[{"import_time":"2025-10-28T05:37:49.383418905Z","modified_time":"2025-10-24T14:42:35Z","sha256":"055c49030bb5eb245faf651dbc034f0794e2f703a3c42c984c14d9e22f9cce3a","source":"ossf-package-analysis","versions":["13.0.0"]},{"import_time":"2025-10-28T05:37:49.012005953Z","modified_time":"2025-10-24T13:45:37Z","sha256":"350fc02859e5270f558406fc50be9c381f4e53f54c4a9777ed02e83c6b39844a","source":"ossf-package-analysis","versions":["10.0.0"]},{"import_time":"2025-10-28T05:37:49.248189068Z","modified_time":"2025-10-24T14:25:40Z","sha256":"ccb646eaee3e1e0d7da80e415a0780af1b2e1dcb00e8ae468777eba44d956d2a","source":"ossf-package-analysis","versions":["12.0.0"]},{"import_time":"2025-10-31T03:25:17.153098946Z","modified_time":"2025-10-31T03:06:14Z","ranges":[{"events":[{"introduced":"0"}],"type":"SEMVER"}],"sha256":"7acc999c2ea175e62266081a166ad731b10ac9621b965f28186121fbece6a1bb","source":"amazon-inspector"}]},"credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}