JavaScript packages with billions of downloads were injected with malicious code in world's largest supply chain hack, geared to steal crypto — a phishing email is all it took to undermine npm packages

Date: 2025-09-09 16:49:29

JavaScript packages with billions of downloads were compromised by an unknown threat actor looking to steal cryptocurrency.