The 'test' directory seems to contain the code of malicious package 'monorepo-symlink-test'

[lanzkron]

Our security scanner reported that we have a malicious package 'monorepo-symlink-test' installed.
This package has been removed from npm but it appears to be embedded in the test directory (in directory /test/resolver/multirepo).

[ljharb]

Seems to, but doesn’t. Your security scanner is incompetent, I’m afraid. the package.json has private: true, the fact that the name field is the same is irrelevant.

Duplicate of #303. Duplicate of #291. Duplicate of #288. Duplicate of #304.