Affected script: "install-scripts:preinstall"
The code makes an HTTP or HTTPS request to a server, transmitting the current user's OS username, Git name, and Git email address, which can be sensitive information. There are also code fragments that copy files within the system, which might be manipulated for harmful aims. The combination of information leakage and internal file operations could be leveraged to prepare or execute an attack on the system or its user.
node ./dist/scripts/postinstall.js
The script is designed to be run after installing an npm package. It logs some information, modifies the package.json file by deleting several script entries and some configurations potentially related to development, and then removes specific directories within the dist/scripts, dist/data, dist/resources, and dist/source paths. It does not exhibit behaviour that is inherently malicious, such as stealing sensitive information, getting root access, running or downloading remote code, or harming the system directly. However, it's important to ensure that the removal of the mentioned directories and the modifications to package.json are intended and don't interfere with required functionality or inadvertently break dependencies.
@gusmano/reext's direct dependencies. Data on all dependencies, including transitive ones, is available via CSV download.