Note: This report is updated by a verification record
Package is malware. Collects sensitive info, reads files, executes commands, and exfiltrates data to a remote server via postinstall script.
The package is marked as malware by OSV (MAL-2026-2824; source: OSV).
The package unisys-uka version 99.99.1 is classified as malware because it shows multiple strong indicators of malicious behavior. Its postinstall.js script collects sensitive environment variables, reads the contents of sensitive files (such as SSH keys and bash history), executes system commands to gather system information, and exfiltrates the collected data to a remote server ('p1s.uk') via HTTP/HTTPS POST requests. Multiple YARA rules also detected these behaviors. The postinstall script entry in package.json further confirms that arbitrary code executes upon installation, which strengthens the classification. Taken together, these factors provide strong evidence of malicious intent.