SafeDep

Summary

Note: This report is updated by a verification record

Multiple pieces of evidence suggest malicious intent: code obfuscation, dynamic code execution, process access, an install script, and a suspicious email address.

Verification Record

The package is marked as malware by OSV: MAL-2026-2406 with source: amazon-inspector

Details

The package exhibits multiple suspicious behaviors. First, hex obfuscation in multiple JavaScript files (6ad264.js, b02e30.js, and helpers.js) indicates an attempt to conceal the code's functionality. The LLM analysis confirms this, highlighting code obfuscation and dynamic code execution using module.constructor._load. Second, the package accesses the global process object, which is often used by malware for system information gathering or manipulation. Third, the package.json contains an install script that executes node index.js, allowing arbitrary code execution during installation. Finally, the author's email address, research@sl4x0.xyz, is suspicious. Combined, these factors strongly suggest malicious intent.

@ceeferenderer/fe-renderer-sdk@99.9.9
Malicious
Verified
Analysed at: 3/14/26, 7:09 PM
Source: https://registry.npmjs.org/@ceeferenderer/fe-renderer-sdk/-/fe-renderer-sdk-99.9.9.tgz
SHA256: bb9854fd8f8e320afb9a6026bcd45011e64c96c4624da962049148b4d58c18c2
Confidence: High