Cybersecurity researchers have identified two malicious packages on the npm package registry that concealed backdoor code to execute malicious commands sent from a remote server. The packages in question img-aws-s3-object-multipart-copy and legacyaws-s3-object-multipart-copy have been downloaded 190 and 48 times each. As of writing, they have been taken down by the npm security team. “They