NPM is Now Providing Malware – or was until recently

Password-stealing package outed by security firm evokes sense of déjà vu

Another malicious library has been spotted in the JavaScript-oriented NPM registry, underscoring the continued fragility of today's software supply chain.…

from The Register