OSV Withdraws 157 Malware Reports After Automated False Positives Hit npm and PyPI

Source: Socket blog, https://socket.dev/blog/osv-withdraws-157-malware-reports
Published: 2026-05-27T06:02:38+00:00
Category: Supply Chain. Tags: Tools, Open Source, Threat Intelligence.
Entities: Amazon (vendor), OpenSSF (vendor), OSV, Amazon Inspector, FastAPI, Strawberry GraphQL (products).

Summary: The OSV vulnerability database rolled back 157 malicious-package reports on May 26, 2026 after automated detections from Amazon Inspector incorrectly flagged trusted npm and PyPI packages, including FastAPI and Strawberry GraphQL, as malware. The false positives propagated through dependency scanners, CI/CD systems, and security tools before being withdrawn, showing the operational risk when unvalidated automated malware reports feed widely consumed security infrastructure. The incident prompted OpenSSF to pause the Amazon Inspector automated reporting pipeline and conduct a broader cleanup across both ecosystems.

OSV, the open-source vulnerability database, withdrew 157 malicious-package reports on May 26, 2026 after automated detections incorrectly flagged npm and PyPI packages as malware. By then the bad records for trusted projects had already reached OSV-consuming security tools and CI/CD systems.

The rollback happened in OpenSSF's malicious-packages repository, where the OSV-format records for malicious packages are maintained. A pull request titled "Withdraw FastAPI v0.136.3 and other FPs reports" began as a single false-positive withdrawal for FastAPI 0.136.3 and expanded into a much larger cleanup across npm and PyPI. Its final commit changed one still-active record under osv/malicious and moved the rest into osv/withdrawn, leaving 157 withdrawn OSV reports in the rollback.

The withdrawn records spanned both ecosystems: FastAPI, Strawberry GraphQL, @tanstack/start-storage-context, @nx/key, @ctrl/plex, rdflib, qontract-reconcile, massive, notebook-intelligence, pulumi-vcd, art-template, and a long tail of MCP servers, AI tools, CLI packages, framework forks, component libraries, and API clients. Follow-on commits throughout May 26 extended the cleanup to further false positives in the same clusters, along with many smaller packages.

These were not harmless metadata edits. OSV records feed scanners, dashboards, policy engines, SBOM tooling, registry controls, and CI/CD gates. A bad malware record in that path can stop builds, trigger incident response, and force maintainers to prove their projects were not compromised after the alert has already propagated.

FastAPI Flagged for Suspicious Dependency

The withdrawn OSV record, MAL-2026-4750, described FastAPI 0.136.3 as "Malicious code in fastapi (PyPI)" and credited the report to Amazon Inspector. The record claimed the release added an undocumented dependency, fastar>=0.9.0, to FastAPI's standard optional dependency group. It called fastar "typosquat-shaped" and described the dependency as a possible dependency-confusion or namespace-abuse vector.

The record did not identify a malicious payload in FastAPI. It pointed to no install-time execution, credential theft, command-and-control behavior, exfiltration, or attacker infrastructure. A suspicious-looking dependency change in a popular project was promoted into a malicious-code record without verification with the project's maintainers.

Amazon Inspector Reports Drove the False Positives

Many of the withdrawn JSON records point to Amazon Inspector, AWS's automated vulnerability management service. OpenSSF added Amazon Inspector as an automated source for its malicious-packages repository in October 2025, configuring an OpenSSF-controlled AWS role that could ingest malicious-package reports from an Amazon Inspector bucket. That path turned automated Amazon Inspector reports into OSV-format malware records.

In the rollback PR, Chi Tran wrote: "We have paused our automation and taking actions."

The incident shows how such a reporting path can push unvalidated detections into public package intelligence. FastAPI's withdrawn record credits Amazon Inspector as the finder and lists amazon-inspector as the source for version 0.136.3, but attribution is not uniform across all 157 reports. Some records are cleanly Amazon Inspector-attributed. Others are mixed: they preserve older origins from prior confirmed compromises or other reporting sources alongside newer Amazon Inspector entries. @tanstack/start-storage-context is one of the mixed cases: the package had earlier compromise context, while the disputed 1.167.4 version was part of the May 26 false-positive cleanup.

OSV has become a valuable data source because it is open, structured, and easy to consume. That is also what makes bad records propagate quickly through dependency scanners, CI checks, registry controls, SBOM tools, dashboards, and internal policy systems. When those tools treat OSV as an enforcement source, a false malware report can block builds or deployments before maintainers have a chance to correct the record.

Malware reports also carry a different operational weight than ordinary vulnerability advisories. A vulnerability alert can often be triaged by version range, severity, reachability, and deployment context. A malware alert is more likely to trigger emergency review, package removal, credential-rotation discussions, or incident-response workflows. That made the May 26 rollback disruptive for maintainers and consumers alike: packages were flagged as malicious, downstream tools surfaced the records, and maintainers had to manually verify releases that were later cleared.
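The consumer-side lesson of the rollback is that a CI gate which treats OSV as an enforcement source should at least honor the OSV schema's `withdrawn` timestamp, keep malware (MAL-*) records separate from ordinary advisories, and expose which reporting pipeline contributed a given version so that single-automated-source records can be held to a lower trust level. The following is an added example of such a triage step, written for this page; it is not code from OSV, OpenSSF, Socket, or the malicious-packages repository. The sample records are constructed, the `withdrawn` timestamp on the FastAPI-shaped record is assumed, the fictional package names `not-a-real-package` and `example-lib` and the record id `EXAMPLE-2026-0001` are placeholders, and the `database_specific["malicious-packages-origins"]` layout is modelled on that repository's records as an assumption rather than taken from the page.

```python
"""Triage OSV records for one package version: honor `withdrawn`, separate
MAL-* malware records from advisories, and report per-version origin sources.

Added example for this page; sample records below are constructed and the
`malicious-packages-origins` field layout is an assumption.
"""
from dataclasses import dataclass, field


@dataclass
class Finding:
    record_id: str
    kind: str                 # "malware" for MAL-* ids, otherwise "vulnerability"
    withdrawn: bool           # True when the record carries a `withdrawn` timestamp
    sources: list = field(default_factory=list)  # origin pipelines covering this version


def _vkey(v):
    """Crude version key: numeric dot-separated parts compare as ints, other
    parts sort low. Adequate for the samples; use a real parser in production."""
    return tuple(int(p) if p.isdigit() else -1 for p in v.split("."))


def _in_range(rng, version):
    """Apply OSV ECOSYSTEM/SEMVER range events in order: `introduced` opens the
    affected span, `fixed` closes it. GIT ranges need a commit graph; skipped."""
    if rng.get("type") not in ("ECOSYSTEM", "SEMVER"):
        return False
    vk = _vkey(version)
    inside = False
    for ev in rng.get("events", []):
        if "introduced" in ev and _vkey(ev["introduced"]) <= vk:
            inside = True
        elif "fixed" in ev and _vkey(ev["fixed"]) <= vk:
            inside = False
    return inside


def _covers(record, ecosystem, name, version):
    """True if any `affected` entry of the record matches this exact package/version."""
    for aff in record.get("affected", []):
        pkg = aff.get("package", {})
        if (pkg.get("ecosystem"), pkg.get("name")) != (ecosystem, name):
            continue
        if version in aff.get("versions", []):
            return True
        if any(_in_range(r, version) for r in aff.get("ranges", [])):
            return True
    return False


def _origin_sources(record, version):
    """Reporting pipelines that contributed this version (assumed field shape)."""
    origins = record.get("database_specific", {}).get("malicious-packages-origins", [])
    return sorted({o["source"] for o in origins
                   if not o.get("versions") or version in o["versions"]})


def triage(records, ecosystem, name, version):
    """Return every record covering the version, withdrawn ones included for audit."""
    findings = []
    for rec in records:
        if not _covers(rec, ecosystem, name, version):
            continue
        findings.append(Finding(
            record_id=rec["id"],
            kind="malware" if rec["id"].startswith("MAL-") else "vulnerability",
            withdrawn=bool(rec.get("withdrawn")),
            sources=_origin_sources(rec, version),
        ))
    return findings


def decide(findings):
    """Gate decision: withdrawn records are reported but never enforce."""
    active = [f for f in findings if not f.withdrawn]
    if any(f.kind == "malware" for f in active):
        return "block"
    if active:
        return "vulnerable"
    return "clear"


# Constructed sample records (not copied from the repository).
SAMPLE_RECORDS = [
    {   # Shape of the withdrawn FastAPI record described above; timestamp assumed.
        "id": "MAL-2026-4750",
        "withdrawn": "2026-05-26T12:00:00Z",
        "summary": "Malicious code in fastapi (PyPI)",
        "affected": [{"package": {"ecosystem": "PyPI", "name": "fastapi"},
                      "versions": ["0.136.3"]}],
        "database_specific": {"malicious-packages-origins": [
            {"source": "amazon-inspector", "versions": ["0.136.3"]}]},
    },
    {   # Active malware record for a fictional npm package.
        "id": "MAL-0000-0001",
        "affected": [{"package": {"ecosystem": "npm", "name": "not-a-real-package"},
                      "versions": ["1.0.0", "1.0.1"]}],
        "database_specific": {"malicious-packages-origins": [
            {"source": "example-reporter", "versions": ["1.0.0", "1.0.1"]}]},
    },
    {   # Ordinary advisory with a SEMVER range, fixed in 1.2.0.
        "id": "EXAMPLE-2026-0001",
        "affected": [{"package": {"ecosystem": "npm", "name": "example-lib"},
                      "ranges": [{"type": "SEMVER",
                                  "events": [{"introduced": "0"}, {"fixed": "1.2.0"}]}]}],
    },
]


if __name__ == "__main__":
    for eco, name, ver in [("PyPI", "fastapi", "0.136.3"),
                           ("npm", "not-a-real-package", "1.0.0"),
                           ("npm", "example-lib", "1.1.0")]:
        fs = triage(SAMPLE_RECORDS, eco, name, ver)
        print(f"{eco}/{name}@{ver}: {decide(fs)}",
              [(f.record_id, f.withdrawn, f.sources) for f in fs])
```

Run against real data, the records list would come from an OSV export or the malicious-packages repository checkout; the point of `decide` is that a withdrawn MAL record drops out of enforcement immediately while still appearing in the findings, and `sources` lets a policy distinguish a version reported only by one automated pipeline from one backed by a confirmed compromise.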