The security team at npm (Node Package Manager), the de-facto package manager for the JavaScript ecosystem, has taken down today a malicious package that was caught stealing sensitive information from UNIX systems. The malicious package is named 1337qq-js and was uploaded on the npm repository on December 30, 2019. The package was downloaded at least 32 times, before it was spotted and today by Mi
![Microsoft spots malicious npm package stealing data from UNIX systems](https://cdn-ak-scissors.b.st-hatena.com/image/square/3b3e26ec8904082d62b7d5001d046dd9f0c0f4ba/height=288;version=1;width=512/https%3A%2F%2Fwww.zdnet.com%2Fa%2Fimg%2Fresize%2F4b01351c8c739bf3228f6dcfb1507430d55e1f41%2F2020%2F01%2F13%2F7b52414d-132a-4ef9-b050-0f16e37f433b%2Fnpm.png%3Fauto%3Dwebp%26fit%3Dcrop%26height%3D675%26width%3D1200)