sherif getting flagged as malicious when reviewing package.json

[jhrozek]

@samuv noticed that a benign package sherif is being marked as malicious. That should not happen.

The package was brought into the context through reviewing package.json

[ptelang]

I am not able to reproduce this issue.

@samuv, Can you share the package.json file that you used for this? Did you use vllm provider and stacklok-hosted LLM for the test?

[samuv]

@ptelang, it was two weeks ago, and I used the Stacklok-hosted LLM for the test. The package.json I used is this one

I think @jhrozek did already a check on that