Name of the Vulnerable Software and Affected Versions uglyfi.js version 0.17.3

Description The issue concerns a malicious package designed to exploit typographical errors when installing modules. Upon installation, it downloads and executes a file from a remote server, establishing a backdoor. This results in the computer being fully compromised.

Recommendations For version 0.17.3, consider the computer fully compromised and take immediate action to rotate all secrets and keys from a different computer. Remove the package, but be aware that this may not eliminate all malicious software installed as a result.