The package is marked as malware by OSV: MAL-2026-2497 with source: amazon-inspector

Note: This report is updated by a verification record

The package exhibits multiple strong indicators of malicious behavior. The index.js file collects sensitive system information (hostname, username, home directory, DNS servers) and sends it to a suspicious hostname (zqt1buiujv4vjfoha4cbdi68ezkq8hw6.oastify.com), which is a known security collaboration site. This data exfiltration is further reinforced by the preinstall script in package.json executing node index.js, allowing arbitrary code execution during installation. The combination of data exfiltration, suspicious hostname, and preinstall script execution strongly suggests malicious intent. The package also has few published versions, which is another indicator of potentially malicious packages.