Severity: Critical
CVSS Score: 10
All versions of `evil-package` contain malicious code. The package uploads the contents of `process.env` to `example.com/log`. ## Recommendation Remove the package from your environment. Given the host where the information was uploaded to there is no further indication of compromise.