I noticed that a malware report for eslint-plugin-dropbox-sign contains "modified_time": "0001-01-01T00:00:00Z" in a malicious-package-origins entry.

Is this normal/intended?

This was not intended, and a result of my work fixing the source ID of ossf-package-analysis.

This doesn't present a problem at the moment, but it is not ideal.

Scanning the repository indicates that this is only a problem with that specific OSV report.

I will fix it manually.