Severity: Critical
CVSS Score: 9.8
Version 1.0.3 of `pizza-pasta` contains malicious code as a install scripts. The package created folders in the system's Desktop and downloaded an image from `imgur.com`. The package also printed the users SSH keys to the console. ## Recommendation Remove the package from your environment. There are no evidences of further compromise.