Original link: Supply chain attack hits npm package with 45,000 weekly downloads / BleepingComputer.
It is a dangeorus world out there.