Affected script: "install-scripts:preinstall"
The script is leaking system user information, Git user configuration, and attempts to contact an external server with this information, posing a significant privacy and security risk. Additionally, contacting arbitrary servers could be used to download and execute harmful code.
@gusmano/reext's direct dependencies. Data on all dependencies, including transitive ones, is available via CSV download.