Short answer: yes
Others have been affected by it this weekend: Missing and mysterious new flows
It comes as a result of you exposing node-red on the internet with no security applied.
Without doing a careful examination of what that script does, the only safe way to be sure is to reinstall the server. And make sure you secure node-red properly before considering exposing it on the internet. If you removed it without securing node-red, there's nothing stopping them from redeployed their flow.
Copyright OpenJS Foundation and Node-RED contributors. All rights reserved. The OpenJS Foundation has registered trademarks and uses trademarks. For a list of trademarks of the OpenJS Foundation, please see our Trademark Policy and Trademark List. Trademarks and logos not indicated on the list of OpenJS Foundation trademarks are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.
The OpenJS Foundation | Terms of Use | Privacy Policy | OpenJS Foundation Bylaws | Trademark Policy | Trademark List | Cookie Policy