{"schema_version":"1.7.5","id":"MAL-2026-310","published":"2026-01-16T00:10:24Z","modified":"2026-03-19T12:48:09.140713Z","summary":"Malicious code in sky1oauth2 (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (c3ca06041cd5b933101c6474a9f6054fb9dff579cf44ead75a1d1f906af0d6de)\nThe package sky1oauth2 was found to contain malicious code.\n","affected":[{"package":{"name":"sky1oauth2","ecosystem":"npm","purl":"pkg:npm/sky1oauth2"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"}]}],"versions":["2.0.2"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/sky1oauth2/MAL-2026-310.json"}}],"database_specific":{"malicious-packages-origins":[{"import_time":"2026-01-16T00:28:47.060889888Z","modified_time":"2026-01-16T00:10:24Z","ranges":[{"events":[{"introduced":"0"}],"type":"SEMVER"}],"sha256":"c3ca06041cd5b933101c6474a9f6054fb9dff579cf44ead75a1d1f906af0d6de","source":"amazon-inspector"},{"id":"RLMA-2026-01576","import_time":"2026-03-19T12:19:10.776276499Z","modified_time":"2026-03-18T13:09:51Z","sha256":"f8fa088b5809ebe4057055835d1c1ca15e22ff37455a0742b3188eac2a3a8522","source":"reversing-labs","versions":["2.0.2"]}]},"credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}