Ingest OSV - Cloud Storage

Author: github-actions

config/start-keys.yaml

@@ -5,7 +5,7 @@ kam193:
     pypi/packages/pentest/osv/: 0d65fa30569acb74a4cd2f6968297f9cf794b510
     pypi/packages/probably_pentest/osv/: d85355ff7c5f46aa548621c0248747e10eee650a
 ossf-package-analysis:
-    confident/: confident/20260321/132849-npm-characterai-poc-1.0.0.json
+    confident/: confident/20260321/183346-npm-uipathisfun-1.0.33.json
 reversing-labs:
     RLMA-: RLMA-2026-01666.json
     RLUA-: RLUA-2026-01611.json

osv/malicious/npm/@mesh-components/card/MAL-0000-ossf-package-analysis-40f7a614db4f6d3c.json

@@ -0,0 +1,42 @@
+{
+  "modified": "2026-03-22T05:55:53Z",
+  "published": "2026-03-22T05:55:53Z",
+  "schema_version": "1.7.4",
+  "id": "",
+  "summary": "Malicious code in @mesh-components/card (npm)",
+  "details": "The OpenSSF Package Analysis project identified '@mesh-components/card' @ 99999.0.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n",
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "@mesh-components/card"
+      },
+      "versions": [
+        "99999.0.0"
+      ]
+    }
+  ],
+  "credits": [
+    {
+      "name": "OpenSSF: Package Analysis",
+      "type": "FINDER",
+      "contact": [
+        "https://github.com/ossf/package-analysis",
+        "https://openssf.slack.com/channels/package_analysis"
+      ]
+    }
+  ],
+  "database_specific": {
+    "malicious-packages-origins": [
+      {
+        "source": "ossf-package-analysis",
+        "sha256": "40f7a614db4f6d3c3a128c80f24ff11581c968a84522dd84308acafec09f569a",
+        "import_time": "2026-03-22T06:22:29.577336929Z",
+        "modified_time": "2026-03-22T05:55:53Z",
+        "versions": [
+          "99999.0.0"
+        ]
+      }
+    ]
+  }
+}

osv/malicious/npm/@mesh-components/customthemeprovider/MAL-0000-ossf-package-analysis-0ba7699d05c1cb95.json

@@ -0,0 +1,42 @@
+{
+  "modified": "2026-03-22T05:55:36Z",
+  "published": "2026-03-22T05:55:36Z",
+  "schema_version": "1.7.4",
+  "id": "",
+  "summary": "Malicious code in @mesh-components/customthemeprovider (npm)",
+  "details": "The OpenSSF Package Analysis project identified '@mesh-components/customthemeprovider' @ 99999.0.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n",
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "@mesh-components/customthemeprovider"
+      },
+      "versions": [
+        "99999.0.0"
+      ]
+    }
+  ],
+  "credits": [
+    {
+      "name": "OpenSSF: Package Analysis",
+      "type": "FINDER",
+      "contact": [
+        "https://github.com/ossf/package-analysis",
+        "https://openssf.slack.com/channels/package_analysis"
+      ]
+    }
+  ],
+  "database_specific": {
+    "malicious-packages-origins": [
+      {
+        "source": "ossf-package-analysis",
+        "sha256": "0ba7699d05c1cb95acd0b80e8a03bc6cb8eb0fa29339f261fe7d5d637ecd7550",
+        "import_time": "2026-03-22T06:22:29.513153315Z",
+        "modified_time": "2026-03-22T05:55:36Z",
+        "versions": [
+          "99999.0.0"
+        ]
+      }
+    ]
+  }
+}

osv/malicious/npm/@mesh-helpers/themehelper/MAL-0000-ossf-package-analysis-4025b0ac5fa876e2.json

@@ -0,0 +1,42 @@
+{
+  "modified": "2026-03-22T06:07:52Z",
+  "published": "2026-03-22T06:07:52Z",
+  "schema_version": "1.7.4",
+  "id": "",
+  "summary": "Malicious code in @mesh-helpers/themehelper (npm)",
+  "details": "The OpenSSF Package Analysis project identified '@mesh-helpers/themehelper' @ 99999.0.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n",
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "@mesh-helpers/themehelper"
+      },
+      "versions": [
+        "99999.0.0"
+      ]
+    }
+  ],
+  "credits": [
+    {
+      "name": "OpenSSF: Package Analysis",
+      "type": "FINDER",
+      "contact": [
+        "https://github.com/ossf/package-analysis",
+        "https://openssf.slack.com/channels/package_analysis"
+      ]
+    }
+  ],
+  "database_specific": {
+    "malicious-packages-origins": [
+      {
+        "source": "ossf-package-analysis",
+        "sha256": "4025b0ac5fa876e2c465db2fdd4fab6d93919502a53d1c0673411e3515cd3e72",
+        "import_time": "2026-03-22T06:22:29.658491518Z",
+        "modified_time": "2026-03-22T06:07:52Z",
+        "versions": [
+          "99999.0.0"
+        ]
+      }
+    ]
+  }
+}

osv/malicious/npm/repo-typescript-config/MAL-0000-ossf-package-analysis-7da27827fc7afc55.json

@@ -0,0 +1,42 @@
+{
+  "modified": "2026-03-22T06:15:56Z",
+  "published": "2026-03-22T06:15:56Z",
+  "schema_version": "1.7.4",
+  "id": "",
+  "summary": "Malicious code in repo-typescript-config (npm)",
+  "details": "The OpenSSF Package Analysis project identified 'repo-typescript-config' @ 99.0.11 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n",
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "repo-typescript-config"
+      },
+      "versions": [
+        "99.0.11"
+      ]
+    }
+  ],
+  "credits": [
+    {
+      "name": "OpenSSF: Package Analysis",
+      "type": "FINDER",
+      "contact": [
+        "https://github.com/ossf/package-analysis",
+        "https://openssf.slack.com/channels/package_analysis"
+      ]
+    }
+  ],
+  "database_specific": {
+    "malicious-packages-origins": [
+      {
+        "source": "ossf-package-analysis",
+        "sha256": "7da27827fc7afc556d812f27d2840b817ba4f1ef06bb438c016a11be3496ab40",
+        "import_time": "2026-03-22T06:22:29.72794713Z",
+        "modified_time": "2026-03-22T06:15:56Z",
+        "versions": [
+          "99.0.11"
+        ]
+      }
+    ]
+  }
+}