Malicious code in box-react-uix (npm)
The box-react-uix package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization a 'box' internal...