This package exfils sensitive data to a attacker-controlled domain via index.js.
{ "malicious-packages-origins": null }