Assign IDs

github-actions · github-actions · commit e7184d70475e · 2026-03-21T10:11:23.000Z
diff --git a/osv/malicious/.id-allocator b/osv/malicious/.id-allocator
@@ -1 +1 @@
-26a2261841e0673784f5b0fa1366d258b64ff1eff272ee2898badd21cb44a752
+2a112d2e60199691f667f14901cfaca8848561ca4562fcef231c2b0cad7f180f
diff --git a/osv/malicious/npm/nintendoamerica-ncom/MAL-0000-ossf-package-analysis-e77b311f9b7e9e93.json b/osv/malicious/npm/nintendoamerica-ncom/MAL-0000-ossf-package-analysis-e77b311f9b7e9e93.json
diff --git a/osv/malicious/npm/nintendoamerica-ncom/MAL-2026-2008.json b/osv/malicious/npm/nintendoamerica-ncom/MAL-2026-2008.json
@@ -1,18 +1,19 @@
 {
-  "modified": "2026-03-21T05:40:41Z",
+  "modified": "2026-03-21T10:10:54Z",
   "published": "2026-03-21T05:40:41Z",
   "schema_version": "1.7.4",
   "id": "MAL-2026-2008",
   "summary": "Malicious code in nintendoamerica-ncom (npm)",
-  "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (7b638ac33d4412bfc3c7d3bc1d5f935f1966b743badfe353e134ff907d3e1b8f)\nThe OpenSSF Package Analysis project identified 'nintendoamerica-ncom' @ 1.0.5 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n",
+  "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (e77b311f9b7e9e9303cab9b4b2a926d9dd50cbd5cc8196be52e888925f36bb89)\nThe OpenSSF Package Analysis project identified 'nintendoamerica-ncom' @ 99.0.7 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n",
   "affected": [
     {
       "package": {
         "ecosystem": "npm",
         "name": "nintendoamerica-ncom"
       },
       "versions": [
-        "1.0.5"
+        "1.0.5",
+        "99.0.7"
       ]
     }
   ],
@@ -29,13 +30,22 @@
   "database_specific": {
     "malicious-packages-origins": [
       {
+        "source": "ossf-package-analysis",
+        "sha256": "7b638ac33d4412bfc3c7d3bc1d5f935f1966b743badfe353e134ff907d3e1b8f",
         "import_time": "2026-03-21T05:47:19.194998093Z",
         "modified_time": "2026-03-21T05:40:41Z",
-        "sha256": "7b638ac33d4412bfc3c7d3bc1d5f935f1966b743badfe353e134ff907d3e1b8f",
-        "source": "ossf-package-analysis",
         "versions": [
           "1.0.5"
         ]
+      },
+      {
+        "source": "ossf-package-analysis",
+        "sha256": "e77b311f9b7e9e9303cab9b4b2a926d9dd50cbd5cc8196be52e888925f36bb89",
+        "import_time": "2026-03-21T10:08:51.495852685Z",
+        "modified_time": "2026-03-21T10:05:44Z",
+        "versions": [
+          "99.0.7"
+        ]
       }
     ]
   }
diff --git a/osv/malicious/npm/uipathisfun/MAL-0000-ossf-package-analysis-f68ed829f1cbda04.json b/osv/malicious/npm/uipathisfun/MAL-0000-ossf-package-analysis-f68ed829f1cbda04.json
diff --git a/osv/malicious/npm/uipathisfun/MAL-2026-1983.json b/osv/malicious/npm/uipathisfun/MAL-2026-1983.json
@@ -1,5 +1,5 @@
 {
-  "modified": "2026-03-21T09:46:11Z",
+  "modified": "2026-03-21T10:10:56Z",
   "published": "2026-03-20T07:05:46Z",
   "schema_version": "1.7.4",
   "id": "MAL-2026-1983",
@@ -23,7 +23,8 @@
         "1.0.14",
         "1.0.15",
         "1.0.16",
-        "1.0.17"
+        "1.0.17",
+        "1.0.20"
       ]
     }
   ],
@@ -146,6 +147,15 @@
         "versions": [
           "1.0.17"
         ]
+      },
+      {
+        "source": "ossf-package-analysis",
+        "sha256": "f68ed829f1cbda041340ebd648283ab5fd5ab2c539e09590a949b63f4550e0b4",
+        "import_time": "2026-03-21T10:08:51.441195517Z",
+        "modified_time": "2026-03-21T09:56:47Z",
+        "versions": [
+          "1.0.20"
+        ]
       }
     ]
   }
diff --git a/osv/malicious/npm/yelp-react-component-badge/MAL-2026-2010.json b/osv/malicious/npm/yelp-react-component-badge/MAL-2026-2010.json
@@ -2,9 +2,9 @@
   "modified": "2026-03-21T09:50:35Z",
   "published": "2026-03-21T09:50:35Z",
   "schema_version": "1.7.4",
-  "id": "",
+  "id": "MAL-2026-2010",
   "summary": "Malicious code in yelp-react-component-badge (npm)",
-  "details": "The OpenSSF Package Analysis project identified 'yelp-react-component-badge' @ 99.0.4 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n",
+  "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (8b6dade7daa9669ae0230e60fbdcca448ec07c3e0386b27e324be83e525cadca)\nThe OpenSSF Package Analysis project identified 'yelp-react-component-badge' @ 99.0.4 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n",
   "affected": [
     {
       "package": {
@@ -29,10 +29,10 @@
   "database_specific": {
     "malicious-packages-origins": [
       {
-        "source": "ossf-package-analysis",
-        "sha256": "8b6dade7daa9669ae0230e60fbdcca448ec07c3e0386b27e324be83e525cadca",
         "import_time": "2026-03-21T10:08:51.358143247Z",
         "modified_time": "2026-03-21T09:50:35Z",
+        "sha256": "8b6dade7daa9669ae0230e60fbdcca448ec07c3e0386b27e324be83e525cadca",
+        "source": "ossf-package-analysis",
         "versions": [
           "99.0.4"
         ]

Original file line number	Diff line number	Diff line change
`@@ -1 +1 @@`
`1`		`-26a2261841e0673784f5b0fa1366d258b64ff1eff272ee2898badd21cb44a752`
	`1`	`+2a112d2e60199691f667f14901cfaca8848561ca4562fcef231c2b0cad7f180f`
Original file line number	Diff line number	Diff line change
`@@ -1,18 +1,19 @@`
`1`	`1`	`{`
`2`		`- "modified": "2026-03-21T05:40:41Z",`
	`2`	`+ "modified": "2026-03-21T10:10:54Z",`
`3`	`3`	`"published": "2026-03-21T05:40:41Z",`
`4`	`4`	`"schema_version": "1.7.4",`
`5`	`5`	`"id": "MAL-2026-2008",`
`6`	`6`	`"summary": "Malicious code in nintendoamerica-ncom (npm)",`
`7`		`- "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (7b638ac33d4412bfc3c7d3bc1d5f935f1966b743badfe353e134ff907d3e1b8f)\nThe OpenSSF Package Analysis project identified 'nintendoamerica-ncom' @ 1.0.5 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n",`
	`7`	`+ "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (e77b311f9b7e9e9303cab9b4b2a926d9dd50cbd5cc8196be52e888925f36bb89)\nThe OpenSSF Package Analysis project identified 'nintendoamerica-ncom' @ 99.0.7 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n",`
`8`	`8`	`"affected": [`
`9`	`9`	`{`
`10`	`10`	`"package": {`
`11`	`11`	`"ecosystem": "npm",`
`12`	`12`	`"name": "nintendoamerica-ncom"`
`13`	`13`	`},`
`14`	`14`	`"versions": [`
`15`		`- "1.0.5"`
	`15`	`+ "1.0.5",`
	`16`	`+ "99.0.7"`
`16`	`17`	`]`
`17`	`18`	`}`
`18`	`19`	`],`
`@@ -29,13 +30,22 @@`
`29`	`30`	`"database_specific": {`
`30`	`31`	`"malicious-packages-origins": [`
`31`	`32`	`{`
	`33`	`+ "source": "ossf-package-analysis",`
	`34`	`+ "sha256": "7b638ac33d4412bfc3c7d3bc1d5f935f1966b743badfe353e134ff907d3e1b8f",`
`32`	`35`	`"import_time": "2026-03-21T05:47:19.194998093Z",`
`33`	`36`	`"modified_time": "2026-03-21T05:40:41Z",`
`34`		`- "sha256": "7b638ac33d4412bfc3c7d3bc1d5f935f1966b743badfe353e134ff907d3e1b8f",`
`35`		`- "source": "ossf-package-analysis",`
`36`	`37`	`"versions": [`
`37`	`38`	`"1.0.5"`
`38`	`39`	`]`
	`40`	`+ },`
	`41`	`+ {`
	`42`	`+ "source": "ossf-package-analysis",`
	`43`	`+ "sha256": "e77b311f9b7e9e9303cab9b4b2a926d9dd50cbd5cc8196be52e888925f36bb89",`
	`44`	`+ "import_time": "2026-03-21T10:08:51.495852685Z",`
	`45`	`+ "modified_time": "2026-03-21T10:05:44Z",`
	`46`	`+ "versions": [`
	`47`	`+ "99.0.7"`
	`48`	`+ ]`
`39`	`49`	`}`
`40`	`50`	`]`
`41`	`51`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`{`
`2`		`- "modified": "2026-03-21T09:46:11Z",`
	`2`	`+ "modified": "2026-03-21T10:10:56Z",`
`3`	`3`	`"published": "2026-03-20T07:05:46Z",`
`4`	`4`	`"schema_version": "1.7.4",`
`5`	`5`	`"id": "MAL-2026-1983",`
`@@ -23,7 +23,8 @@`
`23`	`23`	`"1.0.14",`
`24`	`24`	`"1.0.15",`
`25`	`25`	`"1.0.16",`
`26`		`- "1.0.17"`
	`26`	`+ "1.0.17",`
	`27`	`+ "1.0.20"`
`27`	`28`	`]`
`28`	`29`	`}`
`29`	`30`	`],`
`@@ -146,6 +147,15 @@`
`146`	`147`	`"versions": [`
`147`	`148`	`"1.0.17"`
`148`	`149`	`]`
	`150`	`+ },`
	`151`	`+ {`
	`152`	`+ "source": "ossf-package-analysis",`
	`153`	`+ "sha256": "f68ed829f1cbda041340ebd648283ab5fd5ab2c539e09590a949b63f4550e0b4",`
	`154`	`+ "import_time": "2026-03-21T10:08:51.441195517Z",`
	`155`	`+ "modified_time": "2026-03-21T09:56:47Z",`
	`156`	`+ "versions": [`
	`157`	`+ "1.0.20"`
	`158`	`+ ]`
`149`	`159`	`}`
`150`	`160`	`]`
`151`	`161`	`}`