<ul><li>An ongoing attack is uploading hundreds of malicious packages to the open source node package manager (NPM) repository.</li><li>The malicious packages have names that are similar to legitimate ones for code libraries like Puppeteer and Bignum.js.</li><li>Researchers from the security firm Phylum discovered the campaign, highlighting the prevalence of supply chain attacks.</li><li>This attack follows a similar campaign a few weeks ago targeting developers using forks of the Ethers.js library.</li></ul>

Hundreds of code libraries posted to NPM try to install malware on dev machines

Discover more