Security Researchers Spot 150,000 Function-less npm Packages in Automated ‘Token Farming’ Scheme
An anonymous reader shared this report from The Register:

Yet another supply chain attack has hit the npm registry in what Amazon describes as “one of the largest package flooding incidents in open source registry history” — but with a twist. Instead of injecting credential-steal … ⌘ Read more