Malicious Package
of harmlesspackage contains malicious code as a postinstall script. The package printed a message to the console and performed a GET request to a remote server. Remove the package from your environment. There is no evidence of further compromise.