Infectious NPM and PyPI Packages Raise Fresh Supply Chain Concerns

Security researchers have exposed an ongoing attack campaign that targets the npm ecosystem through a pair of malicious packages. Meanwhile, another research group reported seven malicious PyPI packages. Developers, package maintainers, and users must remain diligent in verifying the integrity and authenticity of packages before installation.

