The malware packages had names that were common typosquats of a legitimate widely used Python library. One was downloaded hundreds of times.

ReversingLabs said it found 31 npm libraries that contained obfuscated JavaScript code that would steal web form data

Researchers at ReversingLabs have uncovered evidence of a widespread software supply chain attack through malicious JavaScript packages picked up via NPM

Co-Founder and CEO of ReversingLabs, which helps cybersecurity teams gain insights into malware infected files and objects

ReversingLabs found more than two dozen npm modules dating back six months

The packages are designed to steal from data from individuals using applications or websites where the malicious packages have been deployed.