diff --git a/osv/malicious/npm/@dz-lib/dz-cli/MAL-0000-dz-lib-dz-cli.json b/osv/malicious/npm/@dz-lib/dz-cli/MAL-0000-dz-lib-dz-cli.json
new file mode 100644
index 000000000..4e8bf2f30
--- /dev/null
+++ b/osv/malicious/npm/@dz-lib/dz-cli/MAL-0000-dz-lib-dz-cli.json
@@ -0,0 +1,28 @@
+{
+ "modified": "2024-12-18T12:48:09.437000Z",
+ "published": "2024-12-18T12:48:09.437000Z",
+ "schema_version": "1.5.0",
+ "id": "",
+ "summary": "Malicious code in @dz-lib/dz-cli",
+ "details": "This package has a preinstall script to download an execute a Go-variant of the Cobalt Strike beacon.",
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "npm",
+ "name": "@dz-lib/dz-cli"
+ },
+ "versions": [
+ "1.0.0"
+ ]
+ }
+ ],
+ "credits": [
+ {
+ "name": "Stacklok Insight: insight.stacklok.com",
+ "type": "FINDER",
+ "contact": [
+ "https://discord.com/invite/RkzVuTp3WK"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/osv/malicious/npm/@dz-lib/icon/MAL-0000-dz-lib-icon.json b/osv/malicious/npm/@dz-lib/icon/MAL-0000-dz-lib-icon.json
new file mode 100644
index 000000000..bca33de73
--- /dev/null
+++ b/osv/malicious/npm/@dz-lib/icon/MAL-0000-dz-lib-icon.json
@@ -0,0 +1,28 @@
+{
+ "modified": "2024-12-18T12:48:09.437000Z",
+ "published": "2024-12-18T12:48:09.437000Z",
+ "schema_version": "1.5.0",
+ "id": "",
+ "summary": "Malicious code in @dz-lib/icon",
+ "details": "This package has a preinstall script to download an execute a Go-variant of the Cobalt Strike beacon.",
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "npm",
+ "name": "@dz-lib/icon"
+ },
+ "versions": [
+ "1.0.0"
+ ]
+ }
+ ],
+ "credits": [
+ {
+ "name": "Stacklok Insight: insight.stacklok.com",
+ "type": "FINDER",
+ "contact": [
+ "https://discord.com/invite/RkzVuTp3WK"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/osv/malicious/npm/@hi.editor/core/MAL-0000-hi.editor.core.json b/osv/malicious/npm/@hi.editor/core/MAL-0000-hi.editor.core.json
new file mode 100644
index 000000000..2e6155103
--- /dev/null
+++ b/osv/malicious/npm/@hi.editor/core/MAL-0000-hi.editor.core.json
@@ -0,0 +1,28 @@
+{
+ "modified": "2024-12-18T12:48:09.437000Z",
+ "published": "2024-12-18T12:48:09.437000Z",
+ "schema_version": "1.5.0",
+ "id": "",
+ "summary": "Malicious code in @hi.editor/core",
+ "details": "This package has a preinstall script to download an execute a Go-variant of the Cobalt Strike beacon.",
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "npm",
+ "name": "@hi.editor/core"
+ },
+ "versions": [
+ "0.2.2-alpha.1"
+ ]
+ }
+ ],
+ "credits": [
+ {
+ "name": "Stacklok Insight: insight.stacklok.com",
+ "type": "FINDER",
+ "contact": [
+ "https://discord.com/invite/RkzVuTp3WK"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/osv/malicious/npm/@hisdk/mail-mac/MAL-0000-hisdk-mail-mac.json b/osv/malicious/npm/@hisdk/mail-mac/MAL-0000-hisdk-mail-mac.json
new file mode 100644
index 000000000..1968860dc
--- /dev/null
+++ b/osv/malicious/npm/@hisdk/mail-mac/MAL-0000-hisdk-mail-mac.json
@@ -0,0 +1,28 @@
+{
+ "modified": "2024-12-18T12:48:09.437000Z",
+ "published": "2024-12-18T12:48:09.437000Z",
+ "schema_version": "1.5.0",
+ "id": "",
+ "summary": "Malicious code in @hisdk/mail-mac",
+ "details": "This package has a preinstall script to download an execute a Go-variant of the Cobalt Strike beacon.",
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "npm",
+ "name": "@hisdk/mail-mac"
+ },
+ "versions": [
+ "1.0.1"
+ ]
+ }
+ ],
+ "credits": [
+ {
+ "name": "Stacklok Insight: insight.stacklok.com",
+ "type": "FINDER",
+ "contact": [
+ "https://discord.com/invite/RkzVuTp3WK"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/osv/malicious/npm/bs-auto-dark-mode/MAL-0000-bs-auto-dark-mode.json b/osv/malicious/npm/bs-auto-dark-mode/MAL-0000-bs-auto-dark-mode.json
new file mode 100644
index 000000000..3ce771912
--- /dev/null
+++ b/osv/malicious/npm/bs-auto-dark-mode/MAL-0000-bs-auto-dark-mode.json
@@ -0,0 +1,30 @@
+{
+ "modified": "2024-12-18T12:48:09.437000Z",
+ "published": "2024-12-18T12:48:09.437000Z",
+ "schema_version": "1.5.0",
+ "id": "",
+ "summary": "Malicious code in bs-auto-dark-mode",
+ "details": "This package has a preinstall script to download an execute a Go-variant of the Cobalt Strike beacon.",
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "npm",
+ "name": "bs-auto-dark-mode"
+ },
+ "versions": [
+ "1.0.2",
+ "1.0.1",
+ "1.0.0"
+ ]
+ }
+ ],
+ "credits": [
+ {
+ "name": "Stacklok Insight: insight.stacklok.com",
+ "type": "FINDER",
+ "contact": [
+ "https://discord.com/invite/RkzVuTp3WK"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/osv/malicious/npm/flybook-table/MAL-0000-flybook-table.json b/osv/malicious/npm/flybook-table/MAL-0000-flybook-table.json
new file mode 100644
index 000000000..988b58294
--- /dev/null
+++ b/osv/malicious/npm/flybook-table/MAL-0000-flybook-table.json
@@ -0,0 +1,28 @@
+{
+ "modified": "2024-12-18T12:48:09.437000Z",
+ "published": "2024-12-18T12:48:09.437000Z",
+ "schema_version": "1.5.0",
+ "id": "",
+ "summary": "Malicious code in flybook-table",
+ "details": "This package has a preinstall script to download an execute a Go-variant of the Cobalt Strike beacon.",
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "npm",
+ "name": "flybook-table"
+ },
+ "versions": [
+ "1.0.0"
+ ]
+ }
+ ],
+ "credits": [
+ {
+ "name": "Stacklok Insight: insight.stacklok.com",
+ "type": "FINDER",
+ "contact": [
+ "https://discord.com/invite/RkzVuTp3WK"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/osv/malicious/npm/interview-question/MAL-0000-interview-question.json b/osv/malicious/npm/interview-question/MAL-0000-interview-question.json
new file mode 100644
index 000000000..f2cb80934
--- /dev/null
+++ b/osv/malicious/npm/interview-question/MAL-0000-interview-question.json
@@ -0,0 +1,28 @@
+{
+ "modified": "2024-12-18T12:48:09.437000Z",
+ "published": "2024-12-18T12:48:09.437000Z",
+ "schema_version": "1.5.0",
+ "id": "",
+ "summary": "Malicious code in interview-question",
+ "details": "This package has a preinstall script to download an execute a Go-variant of the Cobalt Strike beacon.",
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "npm",
+ "name": "interview-question"
+ },
+ "versions": [
+ "1.0.0"
+ ]
+ }
+ ],
+ "credits": [
+ {
+ "name": "Stacklok Insight: insight.stacklok.com",
+ "type": "FINDER",
+ "contact": [
+ "https://discord.com/invite/RkzVuTp3WK"
+ ]
+ }
+ ]
+}
\ No newline at end of file
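Review bot: The `details` string in this record reads "download an execute" where "download and execute" is meant, and the same sentence is repeated verbatim in the six other records this commit adds (@dz-lib/dz-cli, @dz-lib/icon, @hi.editor/core, @hisdk/mail-mac, bs-auto-dark-mode, flybook-table). OSV consumers surface this text as-is, so it is worth correcting to `"details": "This package has a preinstall script to download and execute a Go-variant of the Cobalt Strike beacon."`. None of the seven records carries a `references` array or any observable such as the download host or a payload hash, which leaves a responder who finds one of these packages in a lockfile with nothing to hunt on. If an analysis write-up exists, linking it under `references` would help. Each record also enumerates exact `versions` only, so a later republish under the same name would not match; please confirm that is intended.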