-= Per source details. Do not edit below this line.=-
The package karem4 was found to contain malicious code.
The OpenSSF Package Analysis project identified 'karem4' @ 1.0.0 (npm) as malicious.
It is considered malicious because:
The package communicates with a domain associated with malicious activity.
The package executes one or more commands associated with malicious behavior.
{
"malicious-packages-origins": [
{
"versions": [
"1.0.0"
],
"import_time": "2025-12-03T01:35:07.807111758Z",
"modified_time": "2025-12-03T01:13:41Z",
"sha256": "b843a0d849da7453ce803b77a117a501a3b1e4b04eae8222d3b59d48438931cc",
"source": "ossf-package-analysis"
},
{
"versions": [
"1.0.0"
],
"import_time": "2025-12-03T17:40:20.551622296Z",
"modified_time": "2025-12-03T17:22:10Z",
"sha256": "5a1d3bd676881934532a2e75fd644e22b2e4f26fb08bde6d48ff6d529de7467d",
"source": "amazon-inspector"
}
]
}