Attackers compromised the Jscrambler npm package and injected infostealer malware that was downloaded nearly 1,500 times, potentially exposing sensitive data from developers who installed the compromised version. You should immediately audit your npm depe
Read the full article: https://www.bleepingcomputer.com/news/security/hackers-backdoor-jscrambler-npm-package-with-infostealer-malware/