Ten npm packages were suddenly updated with malicious code yesterday to steal environment variables and other sensitive data from developers’ systems.
First seen on bleepingcomputer.com
Jump to article: www.bleepingcomputer.com/news/security/infostealer-campaign-compromises-10-npm-packages-targets-devs/
