Malicious npm Packages Target React, Vue, and Vite Ecosystems with Destructive Payloads socket.dev/blog/mali…

Socket’s Threat Research Team discovered a collection of malicious npm packages that deploy attacks against widely-used JavaScript frameworks including React, Vue.js, Vite, Node.js, and the open source Quill Editor. These malicious packages have remained undetected in the npm ecosystem for more than two years, accumulating over 6,200 downloads. Masquerading as legitimate plugins and utilities while secretly containing destructive payloads designed to corrupt data, delete critical files, and crash systems, these packages remained undetected.