Please remove all captivateiq instances #700

Open
radical-izak opened this issue Dec 6, 2024 · 1 comment

Comments

@radical-izak

Please help us remove all captivate instances of npm https://github.com/ossf/malicious-packages/tree/main/osv/malicious/npm/%40captivateiq

All of the ones listed there were just a test for security purposes; now there are no public captivateiq repos.

Please let me know if you need any other information.

Thank you

@calebbrown
Contributor

Hi @radical-izak.

We have a policy of not removing reports of malicious packages once they have been added.

We will only adjust the reports to be more specific for the versions they apply to, or withdraw them if they were not pointing to malicious packages.

The repo serves as a history of malicious packages that have been published to open source repositories, as a resource to both researchers and organizations trying to protect themselves.

Furthermore, the repo does not attempt to judge a package on the intent of the author, only on the package itself and its behavior. This means that packages from both malicious attackers and security researchers are fair game for inclusion.

I hope that helps explain. If there is a specific problem you are trying to solve other than merely removing them from the repo, I'd be happy to discuss it more.
