Thousands Download Malicious npm Libraries Impersonating Legitimate Tools – [email protected] (The Hacker News)

– [[{“value”:”Threat actors have been observed uploading malicious typosquats of legitimate npm packages such as typescript-eslint and @types/node that have racked up thousands of downloads on the package registry.
The counterfeit versions, named @typescript_eslinter/eslint and types-node, are engineered to download a trojan and retrieve second-stage payloads, respectively.
“While typosquatting attacks are”}]]  – Read More  – The Hacker News