Ingest OSV - Cloud Storage

Author: github-actions

config/start-keys.yaml

@@ -5,7 +5,7 @@ kam193:
     pypi/packages/pentest/osv/: 27cbe31837ebfb9ccc169b6c60ebc77b8545845e
     pypi/packages/probably_pentest/osv/: c1b996ad1142bc47f43e30615d9e5a83d344134e
 ossf-package-analysis:
-    confident/: confident/20251204/103947-npm-elf-stats-rooftop-stockpile-626-99.0.2.json
+    confident/: confident/20251204/103948-npm-elf-stats-merry-cookiejar-987-1.0.3.json
 reversing-labs:
     RLMA-: RLMA-2025-05986.json
     RLUA-: RLUA-2025-05995.json

osv/malicious/npm/express-my-error-handler/MAL-0000-ossf-package-analysis-a6100d1ae786cf3f.json

@@ -0,0 +1,42 @@
+{
+  "modified": "2025-12-06T13:55:54Z",
+  "published": "2025-12-06T13:55:54Z",
+  "schema_version": "1.7.4",
+  "id": "",
+  "summary": "Malicious code in express-my-error-handler (npm)",
+  "details": "The OpenSSF Package Analysis project identified 'express-my-error-handler' @ 10.0.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n",
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "express-my-error-handler"
+      },
+      "versions": [
+        "10.0.0"
+      ]
+    }
+  ],
+  "credits": [
+    {
+      "name": "OpenSSF: Package Analysis",
+      "type": "FINDER",
+      "contact": [
+        "https://github.com/ossf/package-analysis",
+        "https://openssf.slack.com/channels/package_analysis"
+      ]
+    }
+  ],
+  "database_specific": {
+    "malicious-packages-origins": [
+      {
+        "source": "ossf-package-analysis",
+        "sha256": "a6100d1ae786cf3f3cb1ff3a75e63d658863ce7950f587d9cef51287b8d481e7",
+        "import_time": "2025-12-06T14:06:07.572188915Z",
+        "modified_time": "2025-12-06T13:55:54Z",
+        "versions": [
+          "10.0.0"
+        ]
+      }
+    ]
+  }
+}