Skip to main content

Bad Author


This author is a known bad actor who has published malware.


No software from this author should be trusted.


In July 2021, NPM removed a package published by an author using the name chrunlee that contained a remote shell and password-stealing capabilities. Unsuspecting users downloaded this package and others like it published by chrunlee thousands of times over the course of two and a half years.