open-source

Cybersecurity researchers warn of two malicious npm packages, ethers-provider2 and ethers-providerz, designed to alter legitimate installations, providing attackers enhanced access to developer systems. The novel methods underscore the growing sophistication of software supply chain threats.