An npm package called 'rand-user-agent' was compromised in a supply chain attack, leading to the injection of a remote access trojan (RAT) in unauthorized versions. Despite being deprecated, the package had a significant number of downloads, and users are advised to revert to the last legitimate version and conduct full system scans if they installed the malicious updates. The attack was traced back to an outdated automation token that allowed the unauthorized releases.

Two malicious npm packages, 'express-api-sync' and 'system-health-sync-api,' have been found to act as data wipers that delete entire application directories instead of functioning as advertised utilities. These packages, which have been removed from npm, contained backdoors that allowed attackers to execute destructive commands remotely, raising concerns about potential sabotage or state-level disruptions in the software ecosystem.