The popular jQuery project has a mysterious sidekick that has popped - 'jquery-lh'. While the npm package does install real jQuery code, behind the scenes it does something fishy and unexpected.
Article Link: What's in your jQuery? Not the fishy 'jquery-lh' we hope!