-= Per source details. Do not edit below this line.=-
The package karem1 was found to contain malicious code.
The OpenSSF Package Analysis project identified 'karem1' @ 1.0.0 (npm) as malicious.
It is considered malicious because:
The package communicates with a domain associated with malicious activity.
The package executes one or more commands associated with malicious behavior.
{
"malicious-packages-origins": [
{
"versions": [
"1.0.0"
],
"import_time": "2025-12-03T01:35:07.663193904Z",
"modified_time": "2025-12-03T01:05:58Z",
"sha256": "b157559068e5498ca43d118d45ecfebd0c4505ec13787457c162501ab7076453",
"source": "ossf-package-analysis"
},
{
"versions": [
"1.0.0"
],
"import_time": "2025-12-03T17:40:19.709137816Z",
"modified_time": "2025-12-03T17:22:10Z",
"sha256": "327a275e4c0f14aa43026b91f5ed1968c2496f55319c813cefb5204c6208d09b",
"source": "amazon-inspector"
}
]
}