Crypto Miner Attack

[naveensrinivasan]

The package analysis should capture and warn about this kind of attack https://github.com/faisalman/ua-parser-js/issues/536

[DanielRuf]

• the password stealer (the dll), see my last comment: https://github.com/faisalman/ua-parser-js/issues/536#issuecomment-950184949

The maintainer probably did not enforce 2FA for npm releases on npmjs.com.

[calebbrown]

147 would solve this issue, as might #97.

Closing as this is about a specific example.