The package is marked as malware by OSV: MAL-2026-2414 with source: amazon-inspector

Note: This report is updated by a verification record

The package exhibits multiple suspicious characteristics indicative of malware. The presence of hex obfuscation in multiple JavaScript files (6ad264.js, b02e30.js, helpers.js) makes the code harder to read and analyze. The 6ad264.js file uses module.constructor to load modules like os and dns, which is a common technique for code execution. It also accesses the global process object, potentially enabling malicious actions. The package.json includes an install script that executes node index.js upon installation, and the author email research@sl4x0.xyz uses a suspicious domain. These multiple pieces of evidence strongly suggest malicious intent.