Two malicious packages were published to the NPM registry named "marked-cs" & "marked-ps". They take advantage of naming inconsistencies in the popular marked-js library & deploy modified gh0strat implants when you install the malicious packages. @npmjs.bsky.social
https://sourcecodered.com/npm-packages-target-marked-js/