The discovery of a malicious npm package, "xlsx-to-json-lh," which evaded detection for six years by mimicking legitimate tools, exposes critical weaknesses in open-source ecosystems. This incident arrives amid a surge in AI agent frameworks like Fac...
