ZDNet

Malicious npm packages caught installing remote access trojans

The security team behind the "npm" repository for JavaScript libraries removed two npm packages this Monday for containing malicious code that installed a remote access trojan (RAT) on the computers ...
TechRadar

These NPM tools are actually just installing malware

Cybersecurity researchers from Check Point have discovered 16 typosquatted packages on the NPM repository that install cryptocurrency miners. NPM is one of the more popular JavaScript repositories, ...