Name of the Vulnerable Software and Affected Versions requset (affected versions not specified)

Description The issue concerns a typosquatted package named requset that mimics a popular package of a similar name. Upon installation, this package tracks and uploads user information to a remote server, including the name of the downloaded package, the intended package name, the Node version, and whether the process is running as sudo. There is no further compromise beyond this information upload.

Recommendations Remove the requset package from your dependencies. Always ensure package names are typed correctly upon installation to avoid similar issues.