At least 17 malware-laced packages have been discovered on the NPM package Registry, adding to arecent barrage of malicious softwarehosted and delivered through open-source software repositories such as PyPi and RubyGems. DevOps firm JFrog said the libraries, now taken down, were designed to grab Discord access tokens andenvironment variablesfrom users’ computers as well as gain full control