Weird npm package inside major software releases?

Hi,

this might be a kind of stange question but do you recognize the npm package "yunlongzha\_test\_node"? I found it in the open source license listings for major firms, product lines and wonder what it does. Further analysis leads to some really strange GitHub account that has some really suspicious history of deletions and strange repos. I wonder if it is something malicious that has creeped its way into major software releases?

Just googling for it rings my alarm bells. …

account analysis cybersecurity found github history kind license major npm npm package open source package product question releases software software releases weird