Snyk Says ‘Malicious’ NPM Packages Part of Research Project - SecurityWeek

Snyk, a developer security firm, clarified that apparently malicious NPM packages were part of a research project, not intended to be malicious. The packages, designed to study dependency confusion, were removed from the NPM Registry after raising concerns.