-= Per source details. Do not edit below this line.=-
The package karemz was found to contain malicious code.
The OpenSSF Package Analysis project identified 'karemz' @ 1.0.0 (npm) as malicious.
It is considered malicious because:
The package communicates with a domain associated with malicious activity.
The package executes one or more commands associated with malicious behavior.
{
"malicious-packages-origins": [
{
"versions": [
"1.0.0"
],
"import_time": "2025-12-03T00:50:36.891402559Z",
"modified_time": "2025-12-03T00:48:22Z",
"sha256": "0ea2cd139758da9c9339894a56f0250a834c2fb01f4b25c9e398daef8c61c992",
"source": "ossf-package-analysis"
},
{
"import_time": "2025-12-03T01:35:21.687195897Z",
"modified_time": "2025-12-03T01:23:28Z",
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
}
]
}
],
"sha256": "0210683c3480535deb828dc6e3f758815b2a57ae4a50c37dca6443ad61623aa4",
"source": "amazon-inspector"
}
]
}