Socket's threat researchers have uncovered a package lurking in npm for six years that awaits a remote command to wipe ...

All malicious npm packages carried identical payloads for snooping sensitive network information from developers’ systems.