The npm security team has removed today a malicious JavaScript library from the npm website that contained malicious code for opening backdoors on programmers’ computers.
https://www.zdnet.com/article/malicious-npm-package-opens-backdoors-on-programmers-computers/
origin - https://www.pipiscrew.com/2020/11/malicious-npm-package-opens-backdoors-on-programmers-computers/ malicious-npm-package-opens-backdoors-on-programmers-computers