JFrog researchers found 17 malicious packages in the npm repository that intentionally seek to attack and steal a user’s Discord tokens.
Article Link: Malware distribution in public repositories highlighted by malicious npm packages stealing Discord tokens | ZDNet