Cybersecurity analysts have discovered three harmful packages in the npm registry that pretend to be a widely used Telegram bot library but contain SSH backdoors and features for data exfiltration.
The packages under scrutiny are as follows –

node-telegram-utils (132 downloads)  
node-telegram-bots-api (82 downloads)  
node-telegram-util (73 downloads)  

In accordance with supply chain