Hackers have compromised a JavaScript NPM library with password-stealing malware. The library, UAParser.js, garners 6 million downloads a week. The threat came after hackers hijacked UAParser.js's NPM account. GitHub has warned users that any device with the package installed should be considered compromised