Note: This report is updated by a verification record
Malware detected: Attempts to exfiltrate /etc/passwd via preinstall script. Suspicious project and package characteristics.
The package is marked as malware by OSV: MAL-2025-4705 with source: ossf-package-analysis
The package launch-darkly-provider version 1.0.10 is highly likely to be malware. The preinstall.js script contains code that attempts to exfiltrate the /etc/passwd file to a remote server (yceqel7s681cheu71g7x24162x8uwkk9.oastify.com), a clear indication of malicious intent. Additionally, the package.json file defines a preinstall script that executes node preinstall.js, a common technique used by malicious packages to execute arbitrary code during installation. The project itself has few stars and forks and only one published version, which further increases suspicion.