Package is malware. Exfiltrates data via pre/postinstall scripts, and has a suspicious main entrypoint targeting MongoDB configurations.
No verification record available.
The package exhibits multiple strong indicators of malicious behavior. The package.json file contains suspicious preinstall and postinstall scripts that use curl to send sensitive information (username, hostname, current directory, timestamp) to a remote server. This data exfiltration is a significant red flag. Additionally, the main field pointing to .mongorc.js is highly unusual and suggests an attempt to inject malicious code into MongoDB environments. The combination of these factors, including the use of requestrepo.com, which is often associated with malicious activity, leads to the conclusion that this package is likely malware.
