Malicious code in @wdp-gov/catalog-serialization-engine (npm)

2024-06-2613:35:45

Google

osv.dev

malicious code

npm package

catalog serialization engine

7.1 High

AI Score

Confidence

High

JSON

-= Per source details. Do not edit below this line.=-

Source: ossf-package-analysis (279671687dd3fcc407084cb5aeaab3c707cf47164e8b81c3f1665b61ce19dfd9)

The OpenSSF Package Analysis project identified ‘@wdp-gov/catalog-serialization-engine’ @ 3.0.195 (npm) as malicious.

It is considered malicious because:

The package communicates with a domain associated with malicious activity.

CPENameOperatorVersion
@wdp-gov/catalog-serialization-engineeq2.2.5
@wdp-gov/catalog-serialization-engineeq3.1.4
@wdp-gov/catalog-serialization-engineeq3.0.161
@wdp-gov/catalog-serialization-engineeq3.0.195

Name	Operator	Version
@wdp-gov/catalog-serialization-engine	eq	2.2.5
@wdp-gov/catalog-serialization-engine	eq	3.1.4
@wdp-gov/catalog-serialization-engine	eq	3.0.161
@wdp-gov/catalog-serialization-engine	eq	3.0.195

7.1 High

AI Score

Confidence

High

JSON