Qix is an open source maintainer account that was compromised by a phishing attack. This allowed attackers to infect 18 popular npm packages with malicious code. Together, these packages are ...

Empower your AI agents (like Cline) with the ability to securely read and extract information (text, metadata, page count) from PDF files within your project context using a single, flexible tool.

The two exploited NPM packages, both uploaded in July, are: colortoolsv2. mimelib2. The dangerous code allowed the malware to evade security detection and ask for the next-stage p ...