{"schema_version":"1.7.5","id":"MAL-2026-481","published":"2026-01-23T01:13:12Z","modified":"2026-03-19T12:46:45.426066Z","summary":"Malicious code in oasis-os-provider-messaging (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (cca1eb9a5a42a34b2db68e6d23c9c2cd2cbe7098f742e647c9c6867b342e95ab)\nThe package oasis-os-provider-messaging was found to contain malicious code.\n","affected":[{"package":{"name":"oasis-os-provider-messaging","ecosystem":"npm","purl":"pkg:npm/oasis-os-provider-messaging"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"}]}],"versions":["1.0.0","8.9.2","8.9.3"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/oasis-os-provider-messaging/MAL-2026-481.json"}}],"database_specific":{"malicious-packages-origins":[{"import_time":"2026-01-23T01:36:45.170000909Z","modified_time":"2026-01-23T01:13:12Z","ranges":[{"events":[{"introduced":"0"}],"type":"SEMVER"}],"sha256":"cca1eb9a5a42a34b2db68e6d23c9c2cd2cbe7098f742e647c9c6867b342e95ab","source":"amazon-inspector"},{"id":"RLMA-2026-01468","import_time":"2026-03-19T12:19:03.827186426Z","modified_time":"2026-03-18T13:01:56Z","sha256":"16182fb86e367d4c76c0172af8b17f9c2819ecf91ef7ddef9a1971e358d7fa09","source":"reversing-labs","versions":["1.0.0","8.9.2","8.9.3"]}]},"credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}