SafeDep

Summary

Note: This report is updated by a verification record

Suspicious install script executing index.js and an untrustworthy author email domain sl4x0.xyz strongly suggest this package is malware.

Verification Record

The package is marked as malware by OSV: MAL-2026-2418 with source: amazon-inspector

Details

The package exhibits suspicious characteristics that, when combined, suggest malicious intent. The install script executes node index.js, which is a strong indicator of potential malicious behavior. Additionally, the author's email domain, sl4x0.xyz, raises further suspicion due to its lack of association with any legitimate organization. The combination of these two factors leads to the conclusion that the package is likely malware.

tombac-chronos@9.9.9 Malicious
Verified
Analysed at: 3/3/26, 2:13 PM
Source: https://registry.npmjs.org/tombac-chronos/-/tombac-chronos-9.9.9.tgz
SHA256: 841c81f22c7e775f6804dc52e4b9abe375c7efe7c09d221606cc18bdd4615e40
Confidence: High