Cybersecurity researchers have flagged a malicious npm package that was generated using artificial intelligence (AI) and concealed a cryptocurrency wallet drainer.The package, @kodane/patch-manager, claims to offer “advanced license validation and registry optimization utilities for high-performance Node.js applications.” It was uploaded to npm by a user named “Kodane” on July 28, 2025. The
First seen on thehackernews.com
Jump to article: thehackernews.com/2025/08/ai-generated-malicious-npm-package.html
