This package runs commands in a pre-install script that exfiltrates sensitive data to an attacker-controlled domain.
-= Per source details. Do not edit below this line.=-
The OpenSSF Package Analysis project identified '4m-clean-shopify-app' @ 9.0.4 (npm) as malicious.
It is considered malicious because:
{ "malicious-packages-origins": [ { "sha256": "666440b2bf09ee1063948b636e2a77a9bd4894ffa3e5c48984f275046228d86c", "import_time": "2025-01-13T00:23:31.95082058Z", "versions": [ "9.0.4" ], "source": "ossf-package-analysis", "modified_time": "2024-12-20T14:00:49Z" } ] }