Name of the Vulnerable Software and Affected Versions require-port version 1.0.0

Description The issue concerns malicious code in the require-port package, designed to exploit typing mistakes when installing modules. Upon installation, it downloads and executes a file from a remote server, opening a backdoor. This results in the computer being fully compromised.

Recommendations For version 1.0.0, consider the computer fully compromised and remove the package. However, removal may not eliminate all malicious software. Immediately rotate all secrets and keys stored on the compromised computer from a different, secure computer.