Security vulnerability

Kaspersky Internet Security detected a threat when I installed this with pnpm:

https://threats.kaspersky.com/en/threat/Hoax.JS.ExtMsg/?orig=Hoax.JS.ExtMsg.a

It didn't say which of your dependencies is affected, other than it being found in `es5-ext-main`.
