Name of the Vulnerable Software and Affected Versions my-very-own-package versions all

Description The issue concerns malicious code in the package that sends sensitive information, including the output of process.versions, process.arch, and process.platform, to a remote server during the postinstall script. There are no reported signs of further compromise beyond this data transmission.

Recommendations Remove the package from your environment.