The first four files are LevelDB databases specific to browsers like Chrome, Opera, Yandex Browser, and Brave. These files usually store information specific to a user's browsing history.
The last file was a similar LevelDB database but for the Discord Windows client, which similarly stores information on the channels a user has joined, and other channel-specific content.
Of note is that the malicious package did not steal other sensitive data from the infected developers' computers, such as session cookies or the browser database that was storing credentials.
The malicious package appears to have been performing some sort of reconnaissance, gathering data on victims, and trying to assess what sites the infected developers were accessing, before delivering more targeted code via an update to the package later down the road.
The npm security team advises that developers remove the malicious package from their projects.
The malicious package was available on the site for two weeks, during which time it was downloaded nearly 300 times.
What's in a name? These DevOps tools come with strange backstories