Note: This report is updated by a verification record
Malicious package due to data exfiltration, arbitrary code execution during installation via preinstall script, and suspicious hostname.
The package is marked as malware by OSV: MAL-2026-1484 (source: amazon-inspector).
The package exhibits multiple strong indicators of malicious behavior. It exfiltrates sensitive information about the installing machine (hostname, platform, username) to a suspicious external server ('tu-webhook-o-servidor.com'). It also executes arbitrary code during the preinstall phase by running 'node index.js' from its preinstall script, a common technique used by malicious packages. The package also has very few published versions. The combination of data exfiltration, arbitrary code execution during installation, and a suspicious destination hostname strongly suggests malicious intent.