NPM

Embedded malware has been discovered in an NPM package ua-parser-js, a popular JavaScript library designed to detect browser, engine, OS, CPU, and device type/model from User-Agent data.