Name of the Vulnerable Software and Affected Versions yeoman-generator version 3.1.1

Description The issue concerns a malicious package designed to exploit users who mistakenly install it due to a typo in the module name. Upon installation, the package downloads and executes a file from a remote server, establishing a backdoor. This results in the computer being fully compromised.

Recommendations For version 3.1.1, remove the package immediately. However, due to potential full control being given to an outside entity, removal may not eliminate all malicious software. Additionally, consider all secrets and keys stored on the compromised computer as exposed and rotate them from a different, secure computer.