Malicious code in clean-order (npm)

The package 'clean-order' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

Malicious code in testdir12345 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9495556846ded2e31945f35514295ac0e4d08659ae81b7dfa225a399fa3522e3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...