Name of the Vulnerable Software and Affected Versions saync (affected versions not specified)

Description The issue concerns a typosquatted package named saync that mimics a popular package of a similar name. When installed, it tracks users and uploads information to a remote server, including the name of the downloaded package, the intended package name, the Node version, and whether the process is running as sudo. There is no further compromise beyond this information upload.

Recommendations Remove the saync package from your dependencies and ensure that package names are typed correctly during installation to prevent similar issues.