No confirmed malicious attack surface. The package provides opt-in API, logging, WebSocket, and environment-decryption utilities invoked by consumers.
Static reason
One or more suspicious static signals were detected.
Trigger
A consuming application explicitly instantiates a client or calls exported utility functions.
Impact
Network requests or environment mutation occur only through consumer-supplied calls and configuration; no install-time or import-time action was established.
Mechanism
User-configured HTTP/WebSocket clients and explicit local .env.enc decryption.
Rationale
Source inspection supports an API-service utility library rather than a malicious package. Scanner signals map to explicit library features and the unusual https dependency does not create a concrete execution chain.
Evidence
package.jsondist/index.jsdist/env/EnvDecryption.jsdist/api/external/ExternalApiConnection.jsdist/api/request/RequestAxiosCall.jsdist/web3/coingecko/CoingeckoPriceFinder.jsREADME.mddist/api/APIService.jsdist/api/HttpsAPIService.jsdist/api/external/BrebApiConnection.jsdist/log/Logger.jsdist/log/LoggerWebSocket.js
Network endpoints1
api.coingecko.com/api/v3/coins/