SafeDep

Summary

Note: This report is updated by a verification record

Low-confidence YARA rule matches related to bash persistence are not sufficient to classify the package as malware; stronger evidence is needed.

Verification Record

Confirmed malicious package as part of coordinated supply chain attack targeting npm ecosystem

Details


The YARA rule bash_persist_persistent matched in two files (setup_bun.js and bun_environment.js). While the rule indicates access to multiple bash startup files, which can be a sign of a persistence mechanism, the confidence is low. Matching this rule alone is not sufficient to classify the package as malware. Without stronger evidence or further analysis, it is safer to assume it is not malicious.

Package: vf-oss-template@1.0.3
Verdict: Malicious
Verified
Analysed at: 11/24/25, 12:11 PM
Source: https://registry.npmjs.org/vf-oss-template/-/vf-oss-template-1.0.3.tgz
SHA256: 8c8d4576ba780d9eaa14156ae60a2999bc689854032ceb7c8464918d4ba92b17
Confidence: High