Cybersecurity researchers have discovered a new bunch of malicious packages on the npm package registry that are designed to exfiltrate sensitive developer information.
Software supply chain firm Phylum, which first identified the « test » packages on July 31, 2023, said they « demonstrated increasing functionality and refinement, » hours after which they were removed and re-uploaded under different
