#typosquatting

Malicious npm Package Targets React Developers with Backdoored Polyfill

A typosquatted npm package mimicking a popular React utility has been downloaded over 47,000 times before removal. The package contained an obfuscated backdoor capable of exfiltrating environment variables and SSH keys.