{"schema_version":"1.7.3","id":"MAL-2026-1052","published":"2026-02-26T20:50:45Z","modified":"2026-03-02T00:43:20.217881Z","summary":"Malicious code in foundry-toolkit (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (3762da1ba2c85b0e0210a98196cefcf7914ab00712944886cb47409656409ac6)\nThe package foundry-toolkit was found to contain malicious code.\n\n## Source: ossf-package-analysis (44b93dc5ab17da98c60cb972bea12ad4520e07c984b696d03899e70893c450c8)\nThe OpenSSF Package Analysis project identified 'foundry-toolkit' @ 1.0.11 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n","affected":[{"package":{"name":"foundry-toolkit","ecosystem":"npm","purl":"pkg:npm/foundry-toolkit"},"versions":["1.0.5","1.0.2","1.0.1","1.0.11","1.0.14","1.0.9"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/foundry-toolkit/MAL-2026-1052.json"}}],"database_specific":{"malicious-packages-origins":[{"import_time":"2026-02-26T22:12:20.327370381Z","modified_time":"2026-02-26T21:08:39Z","sha256":"3cf89e35ab285581fe9085242663e96ab85dc5372633551f98c0bf406715a6b2","source":"ossf-package-analysis","versions":["1.0.5"]},{"import_time":"2026-02-26T22:12:20.227156973Z","modified_time":"2026-02-26T20:57:06Z","sha256":"9c0e248201666dadac5d03f4b6377a8df3fe5e0cb00ad0223d9da80dc8c07543","source":"ossf-package-analysis","versions":["1.0.2"]},{"import_time":"2026-02-26T22:12:20.151073212Z","modified_time":"2026-02-26T20:50:45Z","sha256":"cf5423d6ae5d78958a3a5767a6d19591200596a5634427b8f7769705de2ccc5f","source":"ossf-package-analysis","versions":["1.0.1"]},{"import_time":"2026-03-01T20:41:58.868208011Z","modified_time":"2026-03-01T20:25:57Z","sha256":"3762da1ba2c85b0e0210a98196cefcf7914ab00712944886cb47409656409ac6","source":"amazon-inspector","versions":["1.0.5","1.0.2","1.0.1"]},{"import_time":"2026-03-02T00:33:48.117421361Z","modified_time":"2026-02-26T22:26:02Z","sha256":"44b93dc5ab17da98c60cb972bea12ad4520e07c984b696d03899e70893c450c8","source":"ossf-package-analysis","versions":["1.0.11"]},{"import_time":"2026-03-02T00:33:48.325570193Z","modified_time":"2026-02-27T01:35:52Z","sha256":"44eb04016af9a8d0b91bc628f6a6d69b0fa4c0e9f2f54b4faa7cc81e19485a58","source":"ossf-package-analysis","versions":["1.0.14"]},{"import_time":"2026-03-02T00:33:47.942413268Z","modified_time":"2026-02-26T21:41:53Z","sha256":"cb16385d7092af7cebb2b2a64518b638584e8837d4b215d9c3fa23d2a84fe9c0","source":"ossf-package-analysis","versions":["1.0.9"]}]},"credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}