Malicious
OSV ID
MAL-2026-5384
Ecosystem
npm
Summary
Package name 'enquriers' closely resembles the widely-used 'enquirer' package (transposed/added characters), suggesting potential name-confusion risk. No malicious payload, exfiltration, dropper, credential access, or install-time code execution was identified in the package contents. Without a concrete installer-harm mechanism, name-similarity alone is a subjective signal that warrants human review rather than automated blocking.
Source: amazon-inspector (7c7f041bb6800c0c765683543b18f204299e64265c3d9124c54f7f0169b53348)
Protect your entire dependency tree
Scan your lock files automatically on every PR. Block malicious packages before they reach production.