A new supply-chain attack has infected 36 packages on the Node Package Manager (npm) index with infostealer malware called IronWorm. [...]
New IronWorm malware hits 36 packages in npm supply-chain attack
Summary + source link. No paywalls, no tracking.