Ingest OSV - Cloud Storage

github-actions · github-actions · commit 60c8bbe61fba · 2026-03-21T07:17:39.000Z
diff --git a/config/start-keys.yaml b/config/start-keys.yaml
@@ -5,7 +5,7 @@ kam193:
     pypi/packages/pentest/osv/: 0d65fa30569acb74a4cd2f6968297f9cf794b510
     pypi/packages/probably_pentest/osv/: 35f59069e67ec2e539784d8a8df54bce0b7a7b74
 ossf-package-analysis:
-    confident/: confident/20260320/114104-npm-puzzle-gateway-2.4.0.json
+    confident/: confident/20260320/114411-npm-delphoi-1.8.2.json
 reversing-labs:
     RLMA-: RLMA-2026-01666.json
     RLUA-: RLUA-2026-01611.json
diff --git a/osv/malicious/npm/uipathisfun/MAL-0000-ossf-package-analysis-59dae4fd2d4c98b7.json b/osv/malicious/npm/uipathisfun/MAL-0000-ossf-package-analysis-59dae4fd2d4c98b7.json
@@ -0,0 +1,42 @@
+{
+  "modified": "2026-03-21T07:13:46Z",
+  "published": "2026-03-21T07:13:46Z",
+  "schema_version": "1.7.4",
+  "id": "",
+  "summary": "Malicious code in uipathisfun (npm)",
+  "details": "The OpenSSF Package Analysis project identified 'uipathisfun' @ 1.0.8 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n",
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "uipathisfun"
+      },
+      "versions": [
+        "1.0.8"
+      ]
+    }
+  ],
+  "credits": [
+    {
+      "name": "OpenSSF: Package Analysis",
+      "type": "FINDER",
+      "contact": [
+        "https://github.com/ossf/package-analysis",
+        "https://openssf.slack.com/channels/package_analysis"
+      ]
+    }
+  ],
+  "database_specific": {
+    "malicious-packages-origins": [
+      {
+        "source": "ossf-package-analysis",
+        "sha256": "59dae4fd2d4c98b7c3b3e9c7d4a34bb9938ff9fb06759cc898b3839f61a71ad8",
+        "import_time": "2026-03-21T07:17:06.704486183Z",
+        "modified_time": "2026-03-21T07:13:46Z",
+        "versions": [
+          "1.0.8"
+        ]
+      }
+    ]
+  }
+}
diff --git a/osv/malicious/npm/uipathisfun/MAL-0000-ossf-package-analysis-afa1f230f0ec74b5.json b/osv/malicious/npm/uipathisfun/MAL-0000-ossf-package-analysis-afa1f230f0ec74b5.json
@@ -0,0 +1,42 @@
+{
+  "modified": "2026-03-21T07:10:45Z",
+  "published": "2026-03-21T07:10:45Z",
+  "schema_version": "1.7.4",
+  "id": "",
+  "summary": "Malicious code in uipathisfun (npm)",
+  "details": "The OpenSSF Package Analysis project identified 'uipathisfun' @ 1.0.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n",
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "uipathisfun"
+      },
+      "versions": [
+        "1.0.9"
+      ]
+    }
+  ],
+  "credits": [
+    {
+      "name": "OpenSSF: Package Analysis",
+      "type": "FINDER",
+      "contact": [
+        "https://github.com/ossf/package-analysis",
+        "https://openssf.slack.com/channels/package_analysis"
+      ]
+    }
+  ],
+  "database_specific": {
+    "malicious-packages-origins": [
+      {
+        "source": "ossf-package-analysis",
+        "sha256": "afa1f230f0ec74b54fd0bd3f451ab29041aa25e8502ec88cf82fa593519e08c5",
+        "import_time": "2026-03-21T07:17:06.630094801Z",
+        "modified_time": "2026-03-21T07:10:45Z",
+        "versions": [
+          "1.0.9"
+        ]
+      }
+    ]
+  }
+}
