The package contains additional code to exfiltrate user private keys to an attack-controlled server.
{ "malicious-packages-origins": null }