Name of the Vulnerable Software and Affected Versions grunt-radic version 0.1.1

Description The issue concerns malicious code in a specific version of the software. When executed in the browser, this code enumerates password, cvc, and cardnumber fields from forms and sends the extracted values to the "https://js-metrics.com/minjs.php?pl=" endpoint.

Recommendations For grunt-radic version 0.1.1, remove the package from your environment and evaluate your application to determine whether user data was compromised. Consider downgrading to version 0.1.0 as a temporary measure.