Three npm packages identified by Sonatype this week conceal malware in "travis.yml," a CI/CD build configuration file used by Travis CI. These packages contain metadata, a description, and code copied from the legitimate "cli-width" package, but instead deploy a malicious macOS binary disguised as "Safari updates."

Article Link: Npm packages conceal macOS malware in 'travis.yml' files, drop bogus "Safari Updates"