Another batch of 25 malicious JavaScript libraries have made their way to the official NPM package registry with the goal of stealing Discord tokens and environment variables from compromised systems, more than two months after17 similar packageswere taken down. The libraries in question leveraged typosquatting techniques and masqueraded as other legitimate packages such as colors.js,