Malicious PyPI, npm, and Ruby Packages Exposed in Ongoing Open-Source Supply Chain Attacks

Numerous malicious packages have been discovered in the npm, Python, and Ruby package repositories that drain funds from cryptocurrency wallets, erase entire codebases after installation, and exfiltrate Telegram API tokens. This once again highlights the diverse range of supply chain risks present in open-source ecosystems.
These revelations stem from several reports released by Checkmarx,

