My macOS install got infected by installing NPM package? A false positive or a real threat

Web: https://www.reddit.com/r/cybersecurity/comments/rxy5ww/my_macos_install_got_infected_by_installing_npm/

So I was amidst writing my NodeJS app in VSCode that I'm working on for some time and I installed a library that I used for several years GameDig https://www.npmjs.com/package/gamedig

After like 10 minutes my computer started lagging and all apps quit as I started investigating I saw a process called MRT using 90% of my CPU at that moment I knew I was fucked because MRT is an Apple Malware Removal tool

So I used Objective See Task Explorer …

cybersecurity false positive macos my npm package threat