https://www.bleepingcomputer.com/news/microsoft/malicious-npm-packages-used-to-install-njrat-remote-access-trojan/

New malicious NPM packages have been discovered that install the njRAT remote access trojan that allows hackers to gain control over a computer.

NPM is a JavaScript package manager that allows developers and users to download packages and integrate them into their projects.