→ Worm self-propagation: package reads .npmrc _authToken AND invokes npm publish in install-path code. Shai-Hulud-class shape — no legitimate package re-publishes OTHER packages from the user's machine.
weekly
—
/wk
llm verdict
malicious 0.96
h-score
52
patterns
34
size
35.0 MB
versions
292
AUTO-PUBLISHED/npm/
@danmademe/pi-provider-litellm@0.3.0
by danmademe
Pi agent extension for LiteLLM proxy auto-discovery and model configuration