The package is marked as malware by OSV: MAL-2026-2830 with source: amazon-inspector

Note: This report is updated by a verification record

The package exhibits multiple strong indicators of malicious behavior. The preinstall script executes scripts/audit.js, which gathers sensitive information like username, hostname, git remote URL, Active Directory domain, DNS, and npm registry configuration. This information is then base64 encoded and sent to a remote server. This data exfiltration, combined with the suspicious use of a preinstall script and the limited number of published versions, strongly suggests malicious intent. The reading of .npmrc also raises concerns.