Affected script: "install-scripts:preinstall"
The code collects sensitive information including the project's directory, home directory, hostname, username, DNS servers, resolved package URLs, package version, and the entire package.json content, and sends it to a remote server. The hostname used in the options
object suggests it is sending the data to a potentially malicious external server. This kind of behavior could be used to exfiltrate sensitive system information, potentially compromising the security of the system and the privacy of its users.