optimal-spark-config @14.0.3
Vulnerability report · Last retrieved from osv.dev June 23, 2026 at 3:29 AM UTC
OSV ID
MAL-2026-1222
Ecosystem
pypi
Summary
During installation, the package starts obfuscated code that attempts to exfiltrate some basic information using DNS requests and then likely cover tracks by installing a similarly named package from private repository --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2026-02-urllib-slim Reasons (based on the campaign): - typosquatting - Downloads and executes a remote executable. - obfuscation - dependency-confusion
Source: kam193 (a1c1bf78d6e3b593fd29329b4175a48c645abf4b4b63e93db68f25221329d14c)
Protect your entire dependency tree
Scan your lock files automatically on every PR. Block malicious packages before they reach production.