Affected script: "install-scripts:preinstall"
The script collects sensitive information: the package name, current directory, user's home directory, hostname, username, DNS servers, and the content of package.json, which may contain sensitive data. It then sends this data to a remote server in a POST request, which can be a significant privacy concern and a potential security breach if sensitive or proprietary information is exfiltrated. The hostname "ksgm0vnv3pse9kmqq4pzs59p6gc70yon.oastify.com" is likely a stand-in for a real attacker-controlled server and indicates an intent to exfiltrate sensitive data.