diff --git a/config/start-keys.yaml b/config/start-keys.yaml index 0ca6487e9..33c71e4cd 100644 --- a/config/start-keys.yaml +++ b/config/start-keys.yaml @@ -1,5 +1,5 @@ ossf-package-analysis: - confident/: confident/20250107/094014-npm-electron-builder-13-13.4.5.json + confident/: confident/20250107/102445-npm-electron-builder-13-13.6.5.json reversing-labs: RLMA-: RLMA-2024-11212.json RLUA-: RLUA-2024-11114.json diff --git a/osv/malicious/npm/cursor-shadow-workspace/MAL-0000-ossf-package-analysis-a31b5e92c54e6006.json b/osv/malicious/npm/cursor-shadow-workspace/MAL-0000-ossf-package-analysis-a31b5e92c54e6006.json new file mode 100644 index 000000000..28cf898a4 --- /dev/null +++ b/osv/malicious/npm/cursor-shadow-workspace/MAL-0000-ossf-package-analysis-a31b5e92c54e6006.json @@ -0,0 +1,42 @@ +{ + "modified": "2025-01-07T16:17:48Z", + "published": "2025-01-07T16:17:48Z", + "schema_version": "1.5.0", + "id": "", + "summary": "Malicious code in cursor-shadow-workspace (npm)", + "details": "The OpenSSF Package Analysis project identified 'cursor-shadow-workspace' @ 1.0.3 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n", + "affected": [ + { + "package": { + "ecosystem": "npm", + "name": "cursor-shadow-workspace" + }, + "versions": [ + "1.0.3" + ] + } + ], + "credits": [ + { + "name": "OpenSSF: Package Analysis", + "type": "FINDER", + "contact": [ + "https://github.com/ossf/package-analysis", + "https://openssf.slack.com/channels/package_analysis" + ] + } + ], + "database_specific": { + "malicious-packages-origins": [ + { + "source": "ossf-package-analysis", + "sha256": "a31b5e92c54e600697bfe041fe85ea104f7de0c4f1f2151542a6980aa48890bd", + "import_time": "2025-01-07T16:18:30.343177305Z", + "modified_time": "2025-01-07T16:17:48Z", + "versions": [ + "1.0.3" + ] + } + ] + } +}