Groundhog day: NPM package caught stealing browser passwords(blog.secure.software)
blog.secure.software
Groundhog day: NPM package caught stealing browser passwords
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
I think this should be enough to declare it "malware", no? Why would one put a Windows (or any other) executable into repository for Javascript packages except to be malicious?