Name of the Vulnerable Software and Affected Versions test-module-a versions (all versions)

Description The issue concerns malicious code in the preinstall script of the affected software, which attempts to hijack packages by adding another maintainer to every package owned by the user. It is recommended to enable 2FA for publishing to further secure maintained packages.

Recommendations Remove the package from your system. If you own any compromised packages, contact npm security immediately at security@npmjs.com. Enable 2FA for publishing to further secure packages you maintain.