Cybersecurity researchers have discovered several cryptocurrency packages on the npm registry that have been hijacked to siphon sensitive information such as environment variables from compromised systems.
"Some of these packages have lived on npmjs.com for over 9 years, and provide legitimate functionality to blockchain developers," Sonatype researcher Ax Sharma said. "However, [...] the latest



Source: TheHackerNews
Source Link: https://thehackernews.com/2025/03/nine-year-old-npm-packages-hijacked-to.html