This analysis was performed using vet and SafeDep Cloud Malicious Package Analysis. Integrate with GitHub using vet-action GitHub Action.
Data exfiltration to a C&C server (8.152.163.60:8058) confirmed by LLM analysis. Missing project info adds to suspicion.
The package slf4j-api-js (1.0.0) is highly suspicious and likely malware due to strong evidence of data exfiltration. Evidence 0, from a reliable LLM-based file analysis service, provides medium confidence that the package's `main.js` file contains a function (`_mcku5ct2`) that collects extensive system information (OS, hardware, user details, running processes, etc.) and transmits it to a remote IP address (8.152.163.60:8058). This clearly indicates data exfiltration to a potential command and control (C&C) server. While Evidence 1 highlights the lack of source project information, which is suspicious, the conclusive data exfiltration evidence from the LLM analysis outweighs this uncertainty. The absence of project information could be a deliberate attempt to obfuscate the malicious intent. The combination of these factors strongly suggests malicious behavior.