Npm package caught stealing sensitive Discord and browser files

Posted on 10 November 2020

From zdnet.com

Security researchers at Sonatype have discovered today an npm package (JavaScript library) that contains malicious code designed to steal sensitive files from a user’s browsers and Discord application.