The package some-other-config-you-use was found to contain malicious code.
-= Per source details. Do not edit below this line.=-
This package installs a dependency hosted on a custom domain that runs an info stealer during installation. The info stealer focuses on stealing npm, git, and other CI/CD related tokens.
{
"malicious-packages-origins": [
{
"versions": [
"99.0.0"
],
"sha256": "a98108016141abe191133227cf47daa98e0d6ebbfd1506d0a5328d80fdee2eb7",
"modified_time": "2025-10-30T03:28:23Z",
"source": "google-open-source-security",
"import_time": "2025-10-30T03:28:38.996652Z"
}
]
}