diff --git a/config/start-keys.yaml b/config/start-keys.yaml
index 9814871a6..c3fe13b4d 100644
--- a/config/start-keys.yaml
+++ b/config/start-keys.yaml
@@ -1,5 +1,5 @@
 ossf-package-analysis:
- confident/: confident/20241223/141826-npm-bridge-transaction-parser-hop400-1.2.0.json
+ confident/: confident/20241223/142610-npm-wdio-common-1.1.0.json
 reversing-labs:
 RLMA-: RLMA-2024-11212.json
 RLUA-: RLUA-2024-11114.json
diff --git a/osv/malicious/npm/testforyt7hb/MAL-0000-ossf-package-analysis-7ffea609123713e8.json b/osv/malicious/npm/testforyt7hb/MAL-0000-ossf-package-analysis-7ffea609123713e8.json
new file mode 100644
index 000000000..eecf812a3
--- /dev/null
+++ b/osv/malicious/npm/testforyt7hb/MAL-0000-ossf-package-analysis-7ffea609123713e8.json
@@ -0,0 +1,42 @@
+{
+ "modified": "2024-12-23T19:50:54Z",
+ "published": "2024-12-23T19:50:54Z",
+ "schema_version": "1.5.0",
+ "id": "",
+ "summary": "Malicious code in testforyt7hb (npm)",
+ "details": "The OpenSSF Package Analysis project identified 'testforyt7hb' @ 1.2.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n",
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "npm",
+ "name": "testforyt7hb"
+ },
+ "versions": [
+ "1.2.0"
+ ]
+ }
+ ],
+ "credits": [
+ {
+ "name": "OpenSSF: Package Analysis",
+ "type": "FINDER",
+ "contact": [
+ "https://github.com/ossf/package-analysis",
+ "https://openssf.slack.com/channels/package_analysis"
+ ]
+ }
+ ],
+ "database_specific": {
+ "malicious-packages-origins": [
+ {
+ "source": "ossf-package-analysis",
+ "sha256": "7ffea609123713e81da0d17141ca37dca97eaa7848afcbf299d969e5108ce7e2",
+ "import_time": "2024-12-23T20:05:43.202168215Z",
+ "modified_time": "2024-12-23T19:50:54Z",
+ "versions": [
+ "1.2.0"
+ ]
+ }
+ ]
+ }
+}
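Review bot: `"id": ""` leaves this record without an identifier, and the file name carries the placeholder `MAL-0000`; the same holds for the `8d8cc4117fc59a58` record added in this commit. Presumably a later step assigns the real id and renames the file, but nothing in this diff shows that. Until it runs, tooling that keys advisories on `id` cannot reference, deduplicate or suppress this entry. If that step is not guaranteed to run before the data is published, a validation check that rejects an empty `id` would catch a record that slips through.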
diff --git a/osv/malicious/npm/testforyt7hb/MAL-0000-ossf-package-analysis-8d8cc4117fc59a58.json b/osv/malicious/npm/testforyt7hb/MAL-0000-ossf-package-analysis-8d8cc4117fc59a58.json
new file mode 100644
index 000000000..dfdbc310d
--- /dev/null
+++ b/osv/malicious/npm/testforyt7hb/MAL-0000-ossf-package-analysis-8d8cc4117fc59a58.json
@@ -0,0 +1,42 @@
+{
+ "modified": "2024-12-23T19:45:57Z",
+ "published": "2024-12-23T19:45:57Z",
+ "schema_version": "1.5.0",
+ "id": "",
+ "summary": "Malicious code in testforyt7hb (npm)",
+ "details": "The OpenSSF Package Analysis project identified 'testforyt7hb' @ 1.1.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n\n- The package executes one or more commands associated with malicious behavior.\n",
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "npm",
+ "name": "testforyt7hb"
+ },
+ "versions": [
+ "1.1.0"
+ ]
+ }
+ ],
+ "credits": [
+ {
+ "name": "OpenSSF: Package Analysis",
+ "type": "FINDER",
+ "contact": [
+ "https://github.com/ossf/package-analysis",
+ "https://openssf.slack.com/channels/package_analysis"
+ ]
+ }
+ ],
+ "database_specific": {
+ "malicious-packages-origins": [
+ {
+ "source": "ossf-package-analysis",
+ "sha256": "8d8cc4117fc59a58b4d90473f5d25069af8ce575c452c4a1a275007a5fd279b2",
+ "import_time": "2024-12-23T20:05:43.107177275Z",
+ "modified_time": "2024-12-23T19:45:57Z",
+ "versions": [
+ "1.1.0"
+ ]
+ }
+ ]
+ }
+}
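Review bot: This record and the `7ffea609123713e8` one describe the same npm package, `testforyt7hb`, from the same source, and differ only in version (1.1.0 vs 1.2.0), timestamps and hash. A single record listing both versions under `affected[0].versions`, with one entry per report in `malicious-packages-origins`, would give consumers one advisory to match and track instead of two with identical summaries. The `details` text also names neither the domain nor the commands observed, so a responder gets nothing to search logs for. A `references` entry pointing at the underlying analysis result would help, if one is available.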