Hello GitHub Security team,

I am the owner of the npm organization @myop, and I am formally disputing this advisory:

🔗 GHSA-hhqp-hr66-2g9r
🛑 Titled: "Malware" — Published: May 12, 2025

This advisory incorrectly implies malicious intent, which was not the case. The issue was caused by a misconfigured publish script, and we worked directly with the npm support and Trust & Safety teams to resolve it.

The @myopjs organization was reviewed and restored by npm support after several weeks of investigation.

No versions were restored, and all packages were republished clean, from scratch.

The advisory remains publicly visible without resolution, context, or a clear status — falsely warning users and causing ongoing damage to our company's reputation.

What we are requesting:
Full removal of the advisory, if possible, since it no longer reflects any active threat or valid security concern.

Note that the package was not intentionally malicious.

Indicate that @myopjs packages are currently safe and maintained.

Our company and users continue to see warnings triggered by this advisory, even after all corrective actions were taken and access was restored by npm.

We’re happy to provide any additional information or documentation as needed. Please treat this dispute with urgency, as it continues to cause real harm.