Name of the Vulnerable Software and Affected Versions requst (affected versions not specified)

Description The requst package is a typosquatted version of a popular package with a similar name, designed to track users who install the incorrect package. Upon installation, it uploads information to a remote server, including the name of the downloaded package, the intended package name, the Node version, and whether the process is running as sudo. There is no further compromise beyond this information upload.

Recommendations Remove the requst package from your dependencies to prevent further tracking. Always ensure package names are typed correctly upon installation to avoid installing typosquatted packages.