Research have identified two packages on the npm registry that concealed code to execute commands from a remote server.

Researchers have identified two packages on the npm registry that concealed malicious code to executive commands from a remote server. The malicious code was hidden within three image files. The packages were designed to impersonate a legitimate package, but contained altered files with the malicious code. The packages have been taken down by the npm security team.

Read more:

https://thehackernews.com/2024/07/malicious-npm-packages-found-using.html