The discovery of malicious npm packages like xlsx-to-json-lh—a six-year-old typosquatting artifact mimicking the legitimate xlsx-to-json-lc—alongside broader campaigns involving 60+ packages, underscores systemic vulnerabilities in npm's security mod...
