Comment by nosefurhairdo

The malware introduced here is a crypto address swapper. It's possible that even after deleting node_modules that some malicious code could persist in a browser cache.

If you have crypto wallets on the potentially compromised machine, or intend to transfer crypto via some web client, proceed with caution.