{
   affected: [
      {
         package: {
            ecosystem: "npm",
            name: "fluid-tooltip",
         },
         versions: [
            "5.3.6",
         ],
      },
   ],
   credits: [
      {
         contact: [
            "https://github.com/ossf/package-analysis",
            "https://openssf.slack.com/channels/package_analysis",
         ],
         name: "OpenSSF: Package Analysis",
         type: "FINDER",
      },
   ],
   database_specific: {
      "malicious-packages-origins": [
         {
            import_time: "2024-12-02T11:05:09.186947936Z",
            modified_time: "2024-12-01T09:23:12Z",
            sha256: "b6122622c2c0a1148d3aaa112aecd7878b80bded57762c2d51ac81554873cf9f",
            source: "ossf-package-analysis",
            versions: [
               "5.3.6",
            ],
         },
      ],
   },
   details: "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (b6122622c2c0a1148d3aaa112aecd7878b80bded57762c2d51ac81554873cf9f)\nThe OpenSSF Package Analysis project identified 'fluid-tooltip' @ 5.3.6 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n",
   id: "MAL-2024-11167",
   modified: "2024-12-01T09:23:12Z",
   published: "2024-12-01T09:23:12Z",
   schema_version: "1.5.0",
   summary: "Malicious code in fluid-tooltip (npm)",
}