Affected script: "install-scripts:preinstall"
The script is sending local user information including the operating system username and Git configuration details (user name and email) to an external server, which could be used to steal identities or as part of a phishing attack. The request is made to either a local or remote server based on a hardcoded username, which can result in sensitive information being transmitted over the network without the user's knowledge or consent. This behavior is typically indicative of malicious intent, such as exfiltrating data, and thus should be considered as a security vulnerability.
@gusmano/reext's direct dependencies. Data on all dependencies, including transitive ones, is available via CSV download.