The popular NPM JavaScript package manager and registry has been hit with an influx of malicious packages, the most harmful of which are related to data theft, crypto mining, botnets, and remote code execution, according to research from security company WhiteSource.

WhiteSource’s automated malware detection platform, WhiteSource Diffend, detected a total of 1,300 malicious packages on NPM, within a period of six months ended December 2021. 

All the malicious packages identified by WhiteSource were notified to NPM and were subsequently removed from the package registry.  

To read this article in full, please click here

Read More