Sonatype's automated malware detection systems identified a malicious PyPI package called crytic-compilers, connected to Russia-linked Lumma Windows stealer, and named very closely after a well-known legitimate Python library that is used by cryptocurrency developers.| www.sonatype.com
An article detailing the massive bug at the heart of the npm ecosystem; encompassing a lack of validation by the public registry, package manifest inconsistancies & assumptions about package managers & security products| vlt /vōlt/ - blog