PT-2020-21411 · Node.js · Express

Published 2020-09-02 · Updated 2020-09-02

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: experss (affected versions not specified)

Description: The issue concerns a typosquatted package that tracked users who installed it by mistake, thinking it was a similarly named popular package. It uploaded various information to a remote server, including the downloaded package name, the intended package name, the Node version, and whether the process was running with sudo privileges. There is no indication of further compromise.

Recommendations: Remove the experss package from your dependencies and ensure that package names are typed correctly during installation.
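The recommendation above can be turned into a repeatable check. The Node.js script below is an added example, not code from this advisory or from the Express project: it reads a package.json, compares every dependency name against an allowlist of well-known package names, and reports names that are a single edit (including a swapped pair of letters, as in "experss" for "express") away from a well-known one. The allowlist and the sample package.json are constructed for the demonstration; a real deployment would use a fuller list of popular registry packages and read the project's actual package.json.

```javascript
// Added example (not from the advisory): flag dependencies in a package.json
// whose names are a small edit away from a well-known package, the pattern
// behind typosquats such as "experss" for "express".

// Constructed allowlist of well-known package names; a real check would use a
// fuller list (for instance, the most downloaded packages on the registry).
const WELL_KNOWN = ['express', 'lodash', 'react', 'axios', 'chalk', 'debug', 'mocha'];

// Optimal string alignment distance: Levenshtein plus adjacent transposition,
// so a swapped pair of letters ("experss" vs "express") counts as one edit.
function editDistance(a, b) {
  const d = Array.from({ length: a.length + 1 }, () => new Array(b.length + 1).fill(0));
  for (let i = 0; i <= a.length; i++) d[i][0] = i;
  for (let j = 0; j <= b.length; j++) d[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
      if (i > 1 && j > 1 && a[i - 1] === b[j - 2] && a[i - 2] === b[j - 1]) {
        d[i][j] = Math.min(d[i][j], d[i - 2][j - 2] + 1);
      }
    }
  }
  return d[a.length][b.length];
}

// Scan dependencies and devDependencies; report names that are not on the
// allowlist but sit within maxDistance edits of an allowlisted name.
function findLookalikes(pkg, wellKnown = WELL_KNOWN, maxDistance = 1) {
  const deps = { ...(pkg.dependencies || {}), ...(pkg.devDependencies || {}) };
  const findings = [];
  for (const name of Object.keys(deps)) {
    if (wellKnown.includes(name)) continue; // exact match: the genuine package
    for (const known of wellKnown) {
      const distance = editDistance(name, known);
      if (distance <= maxDistance) {
        findings.push({ name, lookalike: known, distance, spec: deps[name] });
      }
    }
  }
  return findings;
}

// Parse package.json text and run the lookalike scan over it.
function scanPackageJson(text) {
  return findLookalikes(JSON.parse(text));
}

// Constructed sample package.json for the demonstration (the version specs are
// made up; only the names matter to the check).
const SAMPLE_PACKAGE_JSON = JSON.stringify({
  name: 'demo-app',
  dependencies: { experss: '^4.17.1', lodash: '^4.17.21' },
  devDependencies: { mocha: '^8.0.0' },
});

for (const f of scanPackageJson(SAMPLE_PACKAGE_JSON)) {
  console.log(`suspicious dependency "${f.name}"@${f.spec}: ${f.distance} edit(s) from "${f.lookalike}"`);
}
```

Run it against a project's package.json before `npm install` (or in CI) and treat each finding as a prompt for review rather than proof of a typosquat: short names and legitimate forks will produce false positives, so the distance threshold and the allowlist should be tuned to the projects being scanned.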

Fix

RCE


Weakness Enumeration

Related Identifiers

GHSA-MMPH-WP49-R48H

Affected Products

Express