Snyk security researcher deploys malicious NPM packages targeting Cursor.com
    You can see in the screenshot that the data is then exfiltrated to a website that the attacker owns.
Now, typically, when we see packages like this, they are attempting to perform a dependency confusion attack on a specific company. I don’t know if Cursor.com has a bug bounty program or a specific background. Still, I would suspect that Cursor has several NPM private packages named “cursor-always-local”, “cursor-retrieval”, and “cursor-shadow-workspace”. The person who created these packages i...
    Read more at sourcecodered.com