Snyk has a published code exploit for this vulnerability.
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsAvoid using all malicious instances of the tqmd
package.
tqmd is a malicious package. This package uses "typosquatting" to bait unaware users to install it. It contains code executed upon installation which downloads and executes a windows executable that allows sending data, installing certificates, and executing and downloading files.
Note: The package runs the malicious script only if the victim’s operating system is Windows