active npm exploits
2025-03-28 22:28:43.35391+01 by Dan Lyke 0 comments
Infostealer campaign compromises 10 npm packages, targets devs.
Ten npm packages were suddenly updated with malicious code yesterday to steal environment variables and other sensitive data from developers' systems.
...
All these packages, except for country-currency-map, are still available on npm, with their latest versions designated above, so downloading them will infect your projects with info-stealer malware.
So you can't just npm upda... wait a minute...