Affected script: "install-scripts:preinstall"
This script collects system and user information and makes a POST request to a remote server. It includes information such as:
The name of the package (package
),
The directory name of the script (__dirname
),
The home directory of the current user (os.homedir()
),
The hostname of the operating system (os.hostname()
),
The username of the current user (os.userInfo().username
),
DNS server information (dns.getServers()
),
Information from the package.json
file of the package,
The ___resolved
field if exists in the package.json
.
This information is then sent to a remote server ("qpjw7bvg5ov51rua11o4fv7lnct3ht5i.oastify.com") via HTTPS. This could lead to various security threats like privacy invasion, identity theft, or more, depending on what the remote server does with the collected data.