https://www.bleepingcomputer.com/news/security/supply-chain-attack-hits-npm-package-with-45-000-weekly-downloads/ > An npm package named 'rand-user-agent' has been compromised in a supply chain attack to inject obfuscated code that activates a remote access trojan (RAT) on the user's system. > The 'rand-user-agent' package is a tool that generates randomized user-agent strings, which is helpful in web scraping, automated testing, and security research.