Package is malicious. It exfiltrates user/host info to a remote server with obfuscation, delayed execution, and error suppression via preinstall script.
-= Per source details. Do not edit below this line.=-
The package express-security-policy was found to contain malicious code.
{
"malicious-packages-origins": [
{
"import_time": "2026-04-23T20:49:12.079742206Z",
"modified_time": "2026-04-23T20:43:56Z",
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
}
]
}
],
"sha256": "b6a22332738d28f17374f25779f366449fef27b73ddc233b72db8b19c50764e2",
"source": "amazon-inspector"
}
]
}