-= Per source details. Do not edit below this line.=-
This package was compromised by the Shai-Hulud NPM worm. The malicious payload steals tokens and credentials and publishes them to GitHub before propogating itself to NPM packages the user owns.
{
"malicious-packages-origins": [
{
"versions": [
"1.0.1"
],
"sha256": "beb2182dad9121d8cdfbd98f321d90cd62cda75f2c4ef68f1a5e22608808dc91",
"modified_time": "2025-09-17T05:58:45Z",
"source": "google-open-source-security",
"import_time": "2025-09-17T05:59:33.931323Z"
}
]
}