Name of the Vulnerable Software and Affected Versions requiest (affected versions not specified)

Description The issue involves a typosquatted package that tracks and uploads user information to a remote server, including the name of the downloaded package, the intended package, the Node version, and whether the process is running as sudo. There is no further compromise beyond this information upload.

Recommendations Remove the package from your dependencies and ensure package names are typed correctly upon installation.