Sonatype Security Research has identified a potential compromise of a trusted npm maintainer account that has now published two malicious npm packages, sbx-mask and touch-adv, designed to exfiltrate secrets from victims’ computers.
First seen on securityboulevard.com
Jump to article: securityboulevard.com/2026/03/sonatype-discovers-two-malicious-npm-packages/

