@pkgr/core@0.2.8

Malicious
Verified
Analyzed at: 7/18/2025, 5:26:11 PM
Source: https://registry.npmjs.org/@pkgr/core/-/core-0.2.8.tgz
SHA256: 648babe3d058cfebd0dc325b1317536c08f02096254fc951a92ef61d326e689f
Confidence: High
Summary

This analysis was performed using vet and SafeDep Cloud Malicious Package Analysis. Integrate with GitHub using vet-action GitHub Action.

Note: This report is updated by a verification record

Potentially malicious package due to embedded executable with mismatched extension and arbitrary code execution during installation.

Verification Record

Package compromised via npm token leak from phishing attack

Package compromised via phishing attack that led to npm token leak. Malicious versions released by attacker. Package maintainer has deprecated affected versions and released clean versions.

Details

The package contains a DLL with a mismatched extension (likely an EXE renamed to DLL) and executes arbitrary code during installation via install.cjs. This combination of suspicious behaviors suggests malicious intent. Embedding an executable and running code on install are common malware techniques.