Security News 10 npm Packages Caught Stealing Developer Credentials on Windows, macOS, and Linux TheHackerNews Daniel Bender 29 Oct 2025 Ten typosquatted npm packages (Jul 4, 2025) delivered a 24MB PyInstaller info stealer using 4 obfuscation layers; ~9,900 downloads.
