Hackers have compromised a JavaScript NPM library with password-stealing
malware. The library, UAParser.js, garners 6 million downloads a week. The
threat came after hackers hijacked UAParser.js’s NPM account. GitHub has warned
users that any device with the package installed should be considered
compromised