
Thousands Fall Victim to Malicious npm Libraries Disguised as Trusted Tools
Threat actors have recently been discovered uploading malicious versions of popular npm packages, relying on typosquatting to pass them off as the originals. These counterfeit packages, including @typescript_eslinter/eslint and types-node, have accumulated thousands of downloads from developers unaware of their malicious nature. The analysis conducted by Sonatype




