diff --git a/config/start-keys.yaml b/config/start-keys.yaml
index 4ef0438d9..4cc5b4d3c 100644
--- a/config/start-keys.yaml
+++ b/config/start-keys.yaml
@@ -1,5 +1,5 @@
 ossf-package-analysis:
- confident/: confident/20241123/015455-npm-graph-studio-billing-contracts-0.0.1.json
+ confident/: confident/20241123/015727-npm-@framgia/test-9.0.1.json
 reversing-labs:
 RLMA-: RLMA-2024-09529.json
 RLUA-: RLUA-2024-10363.json
diff --git a/osv/malicious/npm/kiosk-cli/MAL-0000-ossf-package-analysis-d10fc6445fc263d9.json b/osv/malicious/npm/kiosk-cli/MAL-0000-ossf-package-analysis-d10fc6445fc263d9.json
new file mode 100644
index 000000000..ed0ab407a
--- /dev/null
+++ b/osv/malicious/npm/kiosk-cli/MAL-0000-ossf-package-analysis-d10fc6445fc263d9.json
@@ -0,0 +1,42 @@
+{
+ "modified": "2024-11-23T13:49:34Z",
+ "published": "2024-11-23T13:49:34Z",
+ "schema_version": "1.5.0",
+ "id": "",
+ "summary": "Malicious code in kiosk-cli (npm)",
+ "details": "The OpenSSF Package Analysis project identified 'kiosk-cli' @ 0.0.1 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n",
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "npm",
+ "name": "kiosk-cli"
+ },
+ "versions": [
+ "0.0.1"
+ ]
+ }
+ ],
+ "credits": [
+ {
+ "name": "OpenSSF: Package Analysis",
+ "type": "FINDER",
+ "contact": [
+ "https://github.com/ossf/package-analysis",
+ "https://openssf.slack.com/channels/package_analysis"
+ ]
+ }
+ ],
+ "database_specific": {
+ "malicious-packages-origins": [
+ {
+ "source": "ossf-package-analysis",
+ "sha256": "d10fc6445fc263d9c6f0c23db444b973404b62737bf4b43bdfb438bbfefb8012",
+ "import_time": "2024-11-23T14:04:58.87676227Z",
+ "modified_time": "2024-11-23T13:49:34Z",
+ "versions": [
+ "0.0.1"
+ ]
+ }
+ ]
+ }
+}
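Review bot: The new record under `osv/malicious/npm/kiosk-cli/` is committed with `"id": ""` while its filename carries the `MAL-0000-` placeholder, so until an identifier is assigned the advisory cannot be referenced or de-duplicated by ID. Presumably a later automation step fills it in, but that is not visible in this diff, and downstream consumers should skip or quarantine records whose `id` is empty rather than ingest them. The `details` text says the package contacts a domain and runs commands associated with malicious behaviour but names neither, which leaves responders nothing concrete to search logs for; if the analysis output records them, a `references` entry pointing at that report would make the advisory actionable. The `sha256` under `malicious-packages-origins` looks like a digest of the source report rather than of the package tarball, so confirm that before treating it as a file indicator.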