Last week, Sonatype's automated malware detection systems flagged npm package 'flame-vali' that claims to let developers "bypass any request proxys." But that's not quite the case.
Article Link: npm package disables Windows Defender before dropping trojan