A massively popular JavaScript library (npm package) was hacked, and modified with malicious code that downloaded and installed a password stealer and cryptocurrency miner, writes Catalin Cimpanu.

Here is the link: https://therecord.media/malware-found-in-npm-package-with-millions-of-weekly-downloads/