Name of the Vulnerable Software and Affected Versions reequest versions (affected versions not specified)

Description The issue concerns a typosquatted package named reequest that tracks users who have installed it, thinking it was a different package. It uploads various information to a remote server, including the downloaded package name, intended package name, Node version, and whether the process is running as sudo. There is no further compromise mentioned.

Recommendations Remove the reequest package from your dependencies and ensure package names are typed correctly upon installation.