Affected script: "install-scripts:preinstall"
The script sends local user information, including the operating system username and Git configuration details (user name and email), to an external server, where it could be used to steal identities or as part of a phishing attack. The request is made to either a local or remote server based on a hardcoded username, which can result in sensitive information being transmitted over the network without the user's knowledge or consent. This behavior is typically indicative of malicious intent, such as exfiltrating data, and thus should be considered a security vulnerability.
node ./dist/scripts/postinstall.js
The script is a post-installation script meant to be run after an npm package is installed. It modifies the package.json by removing various script entries and configurations, such as 'dev', 'build', 'test', 'watch', 'coverage', eslintConfig, devDependencies, and 'dependencies'. This could be an attempt to clean or prepare for a production environment by removing development-related scripts and configurations. After updating package.json, it deletes directories within the ./dist directory (scripts, data, resources, source). There is no evidence of code that could steal sensitive information, gain unauthorized access, run or download remote code, or otherwise harm the system based on the provided content.
@gusmano/reext's direct dependencies. Data on all dependencies, including transitive ones, is available via CSV download.