This article originally published on my personal website, protsenko.dev.
Malicious packages lurk in NPM and PyPI — especially in NPM. If you’ve built front-end apps, you’ve likely used npm, pnpm, or yarn. You’ve probably tweaked package.json or run ...