by kaelwd 335 days ago
Removing the entire package is pretty unusual; normally it's only specific compromised versions.

The advisory says all the versions are affected ">= 0"

https://github.com/advisories/GHSA-fh4q-jc76-r59p

Once again proof that advisories are full of etc.

Stylus has been around for 15 (FIFTEEN) years. Obviously the "vulnerability" is a lie.

Npm is known to cause huge losses of money for developers and companies around the world when they pull things like this, blindly applying advisories.