This analysis was performed using vet and SafeDep Cloud Malicious Package Analysis. Integrate with GitHub using vet-action GitHub Action.
Note: This report is updated by a verification record
Suspicious postinstall script executing bundle.js and YARA rule match indicate potential malware.
Package has credential harvesting behaviour and was found in a known malicious campaign.
The package exhibits suspicious behavior. The postinstall script executes node bundle.js, which is highly unusual and indicates potential malicious activity. The bundle.js file also triggers the unsigned_bitwise_math_excess YARA rule, further raising suspicion. The combination of these factors suggests that the package is likely malicious.