This package has a preinstall script to download an execute a Go-variant of the Cobalt Strike beacon.
-= Per source details. Do not edit below this line.=-
The OpenSSF Package Analysis project identified 'bs-auto-dark-mode' @ 1.0.0 (npm) as malicious.
It is considered malicious because:
{ "malicious-packages-origins": [ { "sha256": "8a5c6958e14a49e20ebdd6902cdb4cad7872983ed4d39e94b625cc50a20314ac", "import_time": "2024-12-20T00:21:37.449579061Z", "versions": [ "1.0.0" ], "source": "ossf-package-analysis", "modified_time": "2024-12-18T07:38:28Z" }, { "sha256": "aab655718f2f8de50ede2933bf00064291d0e9286bf225ffd2027b3dfe30d335", "import_time": "2024-12-20T00:49:25.386844751Z", "versions": [ "1.0.2" ], "source": "ossf-package-analysis", "modified_time": "2024-12-18T10:18:02Z" } ] }