Security News NPM package ‘is’ with 2.8M weekly downloads infected devs with malware BleepingComputer Daniel Bender Jul 23, 2025 The popular NPM package 'is' has been compromised in a supply chain attack that injected backdoor malware, giving attackers full access to compromised devices.