A malicious npm package has been caught impersonating one of the JavaScript ecosystem's most widely used build tools. The lookalike package hid a multi-stage Windows remote access trojan (RAT) in a ...