The package airbnb-relaxed was found to contain malicious code.
-= Per source details. Do not edit below this line.=-
This package installs a dependency hosted on a custom domain that runs an info stealer during installation. The info stealer focuses on stealing npm, git, and other CI/CD related tokens.
{
"malicious-packages-origins": [
{
"sha256": "1b6a5e736a13af63369b9867066a010eb0cb881853407342fe42c472c919dd3c",
"import_time": "2025-10-30T03:28:38.589212Z",
"modified_time": "2025-10-30T03:28:23Z",
"source": "google-open-source-security",
"versions": [
"1.0.0"
]
}
]
}