Six malicious packages have been identified on npm (Node package manager) linked to the notorious North Korean hacking group Lazarus. […]
from https://www.bleepingcomputer.com/news/security/north-korean-lazarus-hackers-infect-hundreds-via-npm-packages/