This analysis was performed using vet and SafeDep Cloud Malicious Package Analysis. Integrate with GitHub using vet-action GitHub Action.
Note: This report is updated by a verification record
Suspicious package with DLL extension mismatch, embedded executable, and install script executing arbitrary code. Likely malware.
Package compromised via npm token leak from phishing attack
Package compromised via phishing attack that led to npm token leak. Malicious versions released by attacker. Package maintainer has deprecated affected versions and released clean versions.
Note: This report is updated by a verification record
The package contains a DLL with an extension mismatch (likely a Windows executable disguised as a DLL), and it has a suspicious install script executing node install.js. This combination is highly indicative of malicious intent, allowing for arbitrary code execution during installation. The presence of an embedded executable further raises concerns.