Malicious NPMs install njRAT
https://www.bleepingcomputer.com/news/microsoft/malicious-npm-packages-used-to-install-njrat-remote-access-trojan/
New malicious NPM packages have been discovered that install the njRAT remote access trojan that allows hackers to gain control over a computer.
NPM is a JavaScript package manager that allows developers and users to download packages and integrate them into their projects.