Malware Manipulates AI Detection in Latest npm Package Breach - Infosecurity Magazine

A malicious npm package, `eslint-plugin-unicorn-ts-2`, engaged in typosquatting to exfiltrate environment variables via a post-install hook to a Pipedream webhook. This malware also incorporated a novel tactic of embedding deceptive prompts to manipulate LLM-based security scanners, aiming to evade automated detection of the supply chain compromise.