Multiple hijacked npm cryptocurrency packages exfiltrate sensitive environment variables via obfuscated scripts and pose risks to open source ecosystems.| www.sonatype.com
Mapping of countries and their primary currency.. Latest version: 2.1.7, last published: 5 years ago. Start using country-currency-map in your project by running `npm i country-currency-map`. There are 7 other projects in the npm registry using country-currency-map.| npm
A malicious package in the Node Package Manager index uses invisible Unicode characters to hide malicious code and Google Calendar links to host the URL for the command-and-control location.| BleepingComputer
Hackers are hijacking expired or deleted Discord invite links to redirect users to malicious sites that deliver remote access trojans and information-stealing malware.| BleepingComputer
An npm package named 'rand-user-agent' has been compromised in a supply chain attack to inject obfuscated code that activates a remote access trojan (RAT) on the user's system.| BleepingComputer