Two popular NPM packages with a cumulative weekly download of nearly 22 million have been found to be compromised with malicious code.

The Tidyverse Blog offers insights, tutorials, and updates on the Tidyverse, a collection of R packages for data science and statistical computing. Covering topics such as data manipulation, visualization, and analysis, the blog provides resources for R developers looking to leverage the power of the Tidyverse for their data projects. Developers can learn how to use Tidyverse packages effectively to clean, transform, and analyze data in R.

The Hacker News

Two popular NPM packages with cumulative weekly downloads of nearly 22 million were found to be compromised with malicious code. The two libraries in question are "coa," a parser for command-line options, and "rc," a configuration loader. Both were tampered by an unidentified threat actor to include "identical" password-stealing malware.

Two NPM Packages With 22 Million Weekly Downloads Found Backdoored