Malicious Package
All versions of evil-package contain malicious code. The package uploads the contents of process.env to example.com/log. Remove the package from your environment. Given the host where the information was uploaded to there is no further indication of compromise.