The malicious npm package named crypto-encrypt-ts, which masqueraded as a legitimate revival of the widely used CryptoJS library, accumulated nearly 1,928 downloads before analysis revealed its stealthy, data-harvesting nature.
July 8, 2025
Browse more stats from Sonatype or explore Open source