The world was just coming to terms with the “ua-parser-js” npm library hijacking incident, and Sonatype’s discovery of crypto-mining malware from last week, when we found a bigger, and spookier, issue just in time for Halloween.
Article Link: Fake npm Roblox API Package Installs Ransomware and has a Spooky Surprise