Sonatype’s automated malware detection system has caught multiple malicious packages on the npm registry this month. These packages disguise themselves as legitimate JavaScript libraries but were caught launching cryptominers on Windows, macOS and Linux machines.
Article Link: Newly Found npm Malware Mines Cryptocurrency on Windows, Linux, macOS Devices