npm
This a typosquatting attack. The package uses an Ethereum smart contract to establish a command and control connection - over which a malicious binary is downloaded.
Mocha reporter which shows gas used per unit test.
| Public repositories of contributors | 1,830 |
| Followers of contributors | 3,820 |
| Repository forks | 91 |
| Open issues | 10 |
| Repository watchers | 9 |
| Number of contributors | 24 |
| Repository stars | 603 |
We were unable to match this package to a source code repository.
Typosquatting is the risk of installing a malicious package that uses a name similar to a legitimate one.
Starjacking can mislead users into trusting a package, hiding malicious code behind inflated popularity.