Malicious campaign uses npm packages to support phishing attacks
Researchers have identified yet another malicious use for JavaScript packages hosted on the npm registry: hosting files required by automated phishing kits or slipping phishing pages into applications that bundle the components.