The package opens up arbitrary backdoor port that allows bad actors to connect to.
{ "malicious-packages-origins": null }