Big list of npm packages by maintainer qix has been hacked: https://www.npmjs.com/~qix
Notably: debug, chalk
Malware payload here: https://gist.github.com/sindresorhus/2b7466b1ec36376b8742dc711c24db20
Login to reply