A malicious package in the npm open source code repository is hitching a social engineering ride on the “Tailwind” legitimate software library tool, which millions of application developers use around the globe.
Read full article on Dark Reading: Cloud