Severity: Critical
CVSS Score: 10
All versions of `m-backdoor` contain malicious code. The package downloads a file from a remote server and executes it as a preinstall script. At the time of the release of this advisory the downloaded file only defaces websites by removing elements randomly from the DOM. ## Recommendation Remove the package from your system.