Cybersecurity researchers from SafeDep and Veracode detailed a number of malware-laced npm packages that are designed to execute remote code and download additional payloads.
The packages in question are listed below –

eslint-config-airbnb-compat (676 Downloads)
ts-runtime-compat-check (1,588 Downloads)
solders (983 Downloads)
@mediawave/lib (386 Downloads)

All the identified npm