Note: This report is updated by a verification record
The package is flagged as malware due to the presence of a suspicious preinstall script (node index.js) in package.json.
The package is marked as malware by OSV: MAL-2026-1388 (source: ghsa-malware).
The package contains a preinstall script in package.json that executes node index.js. This behavior is flagged by both a YARA rule (npm_preinstall_command) and an LLM-based file evaluation service as suspicious. The preinstall script is a common technique used by malicious packages to execute arbitrary code during installation. This constitutes strong evidence of malicious intent, as it allows the package to run code without the user's explicit consent.