Severity: Critical
CVSS Score: 9.8
All versions of `malicious-do-not-install` contain malicious code. The package copies the contents of `/etc/passwd` and `/etc/shadow` to files in the local `/tmp/` folder. ## Recommendation Remove the package from your environment and rotate affected credentials.