Name of the Vulnerable Software and Affected Versions commander-js versions all

Description The commander-js package is malicious, designed to exploit typing mistakes when installing modules. Upon installation, it downloads and executes an arbitrary file as a post-install script.

Recommendations For all versions, consider the system compromised if this package is found, and assess the need for further response, such as rotating all credentials on the compromised machine.