npm:phpmyadmin is both malicious and legitimate

[prabhu]

As per OSV, all versions of npm:phpmyadmin are malicious.

However, this npm package is quite legitimate, although the project never publishes the same on npm.

Currently, when constructing or searching for a PURL, we don't really consider the published status of a package. Let's use this ticket to track some ideas.