ZDNet

Malicious npm package opens backdoors on programmers' computers

The npm security team has removed today a malicious JavaScript library from the npm website that contained malicious code for opening backdoors on programmers' computers. The JavaScript library was ...
Bleeping Computer

npm Pulls Malicious Package that Stole Login Passwords

A malicious package was removed today from the npm repository after it was discovered that it stole login information from the computers it was installed on. The npm repository is a popular online ...