Severity: Critical
CVSS Score: 9.8
Version 0.0.1 of `harmlesspackage` contains malicious code as a postinstall script. The package printed a message to the console and performed a GET request to a remote server. ## Recommendation Remove the package from your environment. There is no evidence of further compromise.