Just last week we saw the popular npm package `ua-parser-js` get hijacked. Malicious actors gained access to the project maintainer’s npm account and published malicious versions that attempted to install a cryptominer on the compromised system and download a malicious DLL in charge of stealing credentials.
Article Link: NPM Hijackers at it Again: Popular ‘coa’ and ‘rc’ Open Source Libraries Taken Over to Spread Malware