Snyk has a published code exploit for this vulnerability.
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsAvoid using all malicious instances of the express-yandex-send-limit
package.
express-yandex-send-limit is a malicious package. This is a typo-squatting attack, which means the package name is based on the existing repositories, namespaces, or components. It aims to trick users into downloading a package that contains malicious code.
This targets popular Yandex packages and contains malicious code in the preinstall command which allows sending sensitive information about the system and user to a remote server.