Most users are likely not even aware of using it.ĭevelopers that have downloaded or installed npm packages during the time period may have received the malware. The project is used directly or indirectly by many web projects. Those were later superseded by benign versions and finally unpublished. Malware was added to a very popular project on npm called ua-parser-js (> 7 million weekly downloads).
