Two malicious packages discovered in the npm package repository have been found to conceal an open source information stealer malware calledTurkoRat. The packages named nodejs-encrypt-agent and nodejs-cookie-proxy-agent were collectively downloaded approximately 1,200 times and were available for more than two months before they were identified and taken down. ReversingLabs, which broke