AUTO-PUBLISHED/npm//MAL-2026-4090
@antv/torch@1.0.6
by atool
torchjs for @antv.
steals →Chromium logins
reads-chromium-credsreads-env-varschild-process-spawn
→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).
weekly
—
/wk
llm verdict
benign 0.85