The malicious npm package "crossenv" scans for environment variables and posts them to a server, which poses a significant threat to anyone who keeps secret credentials in environment variables. Ivan Akulov has compiled a list of other potentially malicious packages, and projects should be checked for those as well. To scan for infected projects, run a command built on `find` and `xargs`, or a PowerShell script on Windows. If a malicious package is detected, rotate your secrets immediately and inform others who may have access to the shared project. Report any malicious packages you find to npm to help prevent future attacks.
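One way to run the `find` and `xargs` scan described above, as an added example rather than the command from the original advisory. The function name `scan_npm_blocklist` is hypothetical, and the package names to look for are passed as arguments; only `crossenv` is named on this page, so take the remaining names from the published list.

```shell
#!/bin/sh
# Added example (not the advisory's own command).
# Usage: scan_npm_blocklist ROOT NAME [NAME...]
# Prints "installed:<dir>" for every node_modules/<NAME> directory under ROOT
# and "declared:<file>" for every package.json or package-lock.json outside
# node_modules that names the package.
scan_npm_blocklist() {
    root=$1
    shift
    for name in "$@"; do
        # 1. Installed copies, at any nesting depth. -prune stops find from
        #    descending into the matched package's own dependencies.
        find "$root" -type d -path "*/node_modules/$name" -prune -print 2>/dev/null |
            sed 's/^/installed:/'

        # 2. Manifests and lockfiles that reference the package. The fixed
        #    string "<name>" (quotes included) matches the exact JSON key, so
        #    "cross-env" does not trigger a hit for "crossenv". The second
        #    pattern covers lockfile keys of the form "node_modules/<name>".
        find "$root" -type d -name node_modules -prune -o \
            -type f \( -name package.json -o -name package-lock.json \) -print0 2>/dev/null |
            xargs -0 grep -lF -e "\"$name\"" -e "node_modules/$name\"" 2>/dev/null |
            sed 's/^/declared:/'
    done
}

# Run directly as: sh scan.sh ~/projects crossenv
if [ "$#" -ge 2 ]; then
    scan_npm_blocklist "$@"
fi
```

A `declared:` hit without a matching `installed:` hit still matters: the package will be fetched on the next install, and it may already have run on another machine that shares the project.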