The wrong/unclear report for never-published packages focal-manual-tests and focal-todomvc

[oleksiilevzhynskyi]

Hey. I'm a maintainer of https://github.com/grammarly/focal. There are two Malware reports for focal-manual-tests and focal-todomvc.

However, it is not clear why these packages were marked as Malware:

1. These packages are local examples of how to use @grammarly/focal npm package
2. These packages do not export anything and are never published

• https://github.com/grammarly/focal/tree/master/packages/examples/todomvc
• https://github.com/grammarly/focal/tree/master/packages/examples/all

Please clarify the reason for these reports and/or remove them, as it looks like a mistake.

[KateCatlin]

Hi @oleksiilevzhynskyi!

It sounds like a security researcher was uploading dependency confusion packages and these packages were removed.

If you think this was created in error, you'll need to send in a reinstatement request. Here's a link to the npm policy and the form.

Alternatively, if someone else has been using the npm package name you can reach out to npm through the name dispute form.

Hope that helps and have a great day!