Security News Malicious npm Package Uses Hidden Prompt and Script to Evade AI Security Tools TheHackerNews Daniel Bender 02 Dec 2025 Malicious npm package mimics an ESLint plugin, embeds an AI-tricking prompt, and steals environment variables via a post-install script.
