Cybersecurity researchers have discovered a set of malicious npm packages that are designed to deliver a Windows-based remote access trojan (RAT).The list of identified packages, is below – aes-decode-runner-pro (145 downloads) postcss-minify-selector (256 downloads) postcss-minify-selector-parser (615 downloads)All the packages were published over the past month by an npm user named
First seen on thehackernews.com
Jump to article: thehackernews.com/2026/06/malicious-npm-packages-pose-as-postcss.html
