Bleeping Computer

Dozens of malicious packages on NPM collect host and network data

60 packages have been discovered in the NPM index that attempt to collect sensitive host and network data and send it to a Discord webhook controlled by the threat actor. According to Socket’s Threat ...
Bleeping Computer

'everything' blocks devs from removing their own npm packages

Over the holidays, the npm package registry was flooded with more than 3,000 packages, including one called "everything," and others named a variation of the word. The package is quite aptly named as ...