Malware once again a headache for npm – Security

Fortiguard Labs has warned of several malicious packages in Node Package Manager (npm), the largest JavaScript software registry. The packages, which generally had innocent-sounding names, aimed to extract sensitive user data or intellectual property via a webhook, file-sharing link and HTTP GET requests, before these details were uploaded to an FTP server. Despite the threat, malware continues to be a hazard for public software registries.