<ul><li>17 NPM packages with more than a million weekly downloads were compromised to deliver a RAT, potentially impacting a vast number of users.</li><li>Cybersecurity experts warn of a possible major supply chain attack as malicious code was discovered in popular Gluestack packages.</li><li>The affected packages, including @react-native-aria and @gluestack-ui, have been deprecated, but users are advised to remain cautious.</li><li>Access tokens were revoked by Gluestack to prevent further harm, and the compromised tools are marked as deprecated on NPM.</li></ul>

Popular NPM packages with over a million downloads hit by malware

Discover more