Malicious code in ngx-ws (npm)
This package was compromised by the Shai-Hulud NPM worm. The malicious payload steals tokens and credentials and publishes them to GitHub before propogating itself to NPM packages the user owns.
Advisories for Npm/Ngx-Ws package
2025