Malicious package due to arbitrary command execution, data exfiltration to Telegram, and a suspicious preinstall script executing code on installation.
No verification record available.
The package exhibits multiple strong indicators of malicious behavior. The index.js file executes arbitrary commands and exfiltrates sensitive system information to a Telegram bot, as evidenced by the LLM analysis. Additionally, the package.json file contains a preinstall script that executes node index.js, enabling code execution upon installation, further solidifying the malicious nature of the package.
