Tag
1 article
A typosquatted npm package mimicking a popular React utility has been downloaded over 47,000 times before removal. The package contained an obfuscated backdoor capable of exfiltrating environment variables and SSH keys.