SafeDep

Summary

Note: This report is updated by a verification record

Multiple suspicious behaviors: the preinstall script exfiltrates data to a suspicious URL and terminates the process, and the package has only a few published versions. Strong evidence of malware.

Verification Record

The package is marked as malware by OSV: MAL-2026-1228 with source: amazon-inspector

Details

The package exhibits multiple suspicious behaviors, strongly suggesting it is malware. The preinstall script executes scripts/setup.js, which exfiltrates sensitive information (hostname, CWD, Node.js version) to a suspicious URL. The script also terminates the process after the callback, which is unusual and could be used to hide malicious activity. The package has only a few published versions, further increasing suspicion. These factors combined provide strong evidence of malicious intent.

@schedaero/bacon@99440.540.1
Malicious
Verified
Analysed at: 2/25/26, 6:11 AM
Source: https://registry.npmjs.org/@schedaero/bacon/-/bacon-99440.540.1.tgz
SHA256: 0e7972575a290a0326b1b0bab8bc4ddf9e3256b2ffcd690eef1679a754d688bd
Confidence: High