Check your dependencies: GitHub's npm finds nasty Trojan packages - TechBeacon

The moral of the story? Code reuse is a wonderful thing. But only if you trust ALL the code you’re reusing.

Our favorite JavaScript package manager, #npm (@npmjs), has ’fessed up to hosting four highly malicious packages for up to 18 months. And it’s not the first time the @GitHub-owned registry has had to kick code from dodgy devs. https://t.co/svpAWjDBAx

1/…

— @Richi Jennings (@RiCHi) October 22, 2020