Npm package caught stealing sensitive Discord and browser files

From zdnet.com

Discord

Security researchers at Sonatype have discovered today an npm package (JavaScript library) that contains malicious code designed to steal sensitive files from a user’s browsers and Discord application.

Read more…