tr-23-243-003 (1)

12187383682?profile=RESIZE_400xCybersecurity researchers have discovered new malicious packages on the npm package registry that are designed to exfiltrate sensitive developer information.  The npm registry is a public database of JavaScript packages that developers use to contribute packages to the community or download packages for their own projects.  The default npm public registry is found at https://registry.npmjs.org. npm is configured to use this registry by default, but it can be configured to use any compatible regi