A massively popular JavaScript library (npm package) was hacked today and modified with malicious code that downloaded and installed a cryptocurrency miner on systems where the compromised versions were installed.
Hackers hijacked the popular UA-Parser-JS NPM library, with millions of downloads a week, to infect Linux and Windows devices with cryptominers and password-stealing trojans in a supply-chain attack.