Mal-ecule
O(S)H(Po)Md(Pa₇)
Objectives
notable severity, 70% confident.
supply-chain/metadata-anomaly/dependency
npm package has prepublishOnly hook
component severity, 100% confident.
anti-static/obfuscation/code-metrics
Benign context: TS interface declaration in source
component severity, 80% confident.
anti-static/obfuscation/string
JavaScript strings capped at five
component severity, 94% confident.
impact/crypto-manipulation
Solana config directory marker
component severity, 93% confident.
supply-chain/impersonation
README heading differs from manifest
component severity, 90% confident.
supply-chain/install-hook/scripts
package.json defines files array
component severity, 84% confident.
supply-chain/metadata-anomaly/manifest
Package uses npm scope name
component severity, 100% confident.
supply-chain/trojanized/library
"Client" word literal
Micro-behaviors
notable severity, 85% confident.
process/interpreter
npm script runs a script interpreter
baseline severity, 80% confident.
data/text
English language detection
component severity, 88% confident.
data/text/keywords
Codebase/repository keyword
component severity, 88% confident.
process/create/shell
Chat open-shell command literal
component severity, 84% confident.
ui
ANSI terminal erase operation
Metadata
notable severity, 85% confident.
package
Package has prepublishOnly script
notable severity, 90% confident.
package/fields
Package has TypeScript types entry
baseline severity, 80% confident.
file/text
Sequential source identifier names
baseline severity, 99% confident.
lang
TypeScript declaration file (.d.ts/.d.cts/.d.mts)
baseline severity, 100% confident.
library
JavaScript module exports
component severity, 100% confident.
file
Source declaration file extension
component severity, 100% confident.
lang/encoded
JavaScript file basename
20 of 23 traits shown
Identity
| SHA-256 | abf19b612abe4e1521a971636763e960bf806e13eb6d731c75c4299e7b7b83e4 |
|---|---|
| Canonical SHA-256 | 1de3ea6e8e2b1350d2d3c0125199ae724793279687ff2b4db676ea070bdfdefc |
| Filename | @biorate-opensearch-2.0.1.tgz |
| Package | @biorate |
| Version | 2.0.1 |
Origin
| Source | harvest |
|---|---|
| Feed | npmjs.org |
| Ecosystem | javascript |
| Domain | npmjs.org |
Timeline
| First seen | 16 May 2026 04:34 UTC |
|---|---|
| First analyzed | 17 May 2026 05:42 UTC |
| Last analyzed | 15 Jun 2026 19:40 UTC |
| Last updated | 15 Jun 2026 19:40 UTC |
Labeling
| Label | unknown |
|---|---|
| Label source | harvest |
| Traits version | 37896 |
Not seeing what you expected? Let us know