Cybersecurity analysts have uncovered two harmful packages on the npm registry that are intended to compromise another locally installed package, highlighting the ongoing advancement of software supply chain threats aimed at the open-source community.
The packages under scrutiny are ethers-provider2 and ethers-providerz, with the former being downloaded 73 times thus far since its release on