{"schema_version":"1.7.3","id":"MAL-2026-448","published":"2026-01-22T07:50:51Z","modified":"2026-01-23T01:52:45.675621Z","summary":"Malicious code in rank253222 (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (b5018dad195b0f107123f1ab9240ebe4944cd08688982be0c2e9c6203ba9cff1)\nThe package rank253222 was found to contain malicious code.\n\n## Source: ossf-package-analysis (1144fbc4237182c8daebd781f34df7ec24e61f4c826e481dbfa9d7b0bffaeabe)\nThe OpenSSF Package Analysis project identified 'rank253222' @ 1.0.1 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n","affected":[{"package":{"name":"rank253222","ecosystem":"npm","purl":"pkg:npm/rank253222"},"versions":["1.0.1","1.0.0","1.0.6","1.0.8"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/rank253222/MAL-2026-448.json"}}],"database_specific":{"malicious-packages-origins":[{"import_time":"2026-01-22T08:09:37.837324886Z","modified_time":"2026-01-22T08:00:49Z","sha256":"1144fbc4237182c8daebd781f34df7ec24e61f4c826e481dbfa9d7b0bffaeabe","source":"ossf-package-analysis","versions":["1.0.1"]},{"import_time":"2026-01-22T08:09:37.742698968Z","modified_time":"2026-01-22T07:50:51Z","sha256":"d14b07e8aa625cbb0133786a7ecd3fc6557ef16fb1a60d95122597ad48bb1bbf","source":"ossf-package-analysis","versions":["1.0.0"]},{"import_time":"2026-01-22T08:46:48.757566311Z","modified_time":"2026-01-22T08:30:45Z","sha256":"600ee373e6755a5883fe737f3cab5f059ed62afb0eece28a10da54986ceebf29","source":"ossf-package-analysis","versions":["1.0.6"]},{"import_time":"2026-01-22T08:46:48.884168886Z","modified_time":"2026-01-22T08:35:50Z","sha256":"72ac3aea2ea8c56c4c573f747f6d1105a22a3f4165bf43cc02f445fba86b9401","source":"ossf-package-analysis","versions":["1.0.8"]},{"import_time":"2026-01-23T01:36:51.370490526Z","modified_time":"2026-01-23T01:13:12Z","sha256":"b5018dad195b0f107123f1ab9240ebe4944cd08688982be0c2e9c6203ba9cff1","source":"amazon-inspector","versions":["1.0.1","1.0.0","1.0.6","1.0.8"]}]},"credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}