Name of the Vulnerable Software and Affected Versions exprss (affected versions not specified)

Description The exprss package is a typosquatted version of a popular package with a similar name, designed to track users who install the incorrect package. Upon installation, it uploads information to a remote server, including the name of the downloaded package, the name of the intended package, the Node version, and whether the process is running as sudo. There is no further compromise beyond this information upload.

Recommendations Remove the exprss package from your dependencies and ensure that package names are typed correctly during installation.