Cybersecurity analysts have identified a harmful npm package that was created with artificial intelligence (AI) and hid a cryptocurrency wallet extractor.
The package, @kodane/patch-manager, asserts to provide “sophisticated license verification and registry enhancement tools for high-efficiency Node.js applications.” It was submitted to npm by an individual named “Kodane” on July 28, 2025. The