—
MAL-2026-10700
Malicious code in time-format-kit (npm)
Details
--- _-= Per source details. Do not edit below this line.=-_
## Source: ossf-package-analysis (013929714a8a46ad664ac923c9ce315df1b9351993cc7d2d06a325d8f0c49009) The OpenSSF Package Analysis project identified 'time-format-kit' @ 1.0.2 (npm) as malicious.
It is considered malicious because:
- The package communicates with a domain associated with malicious activity.
- The package executes one or more commands associated with malicious behavior.
Are you affected?
Enter the version of the package you're using.
Affected packages
npm / time-format-kit
No fixed version published yet for time-format-kit (npm). Pin to a known-safe version or switch to an alternative.