Security researchers at Sonatype have discovered today an npm package (JavaScript library) that contains malicious code designed to steal sensitive files from a user’s browsers and Discord application. Named discord.dll, the malicious JavaScript library is still available via npm, a web portal, command-line utility, and package manager for JavaScript programmers.
Read full article on ZDNet