"another sophisticated supply chain attack targeting #NPM Developers ... the packages initiate encrypted two-way communication with a remote C2 server, transmitting machine information and receiving—and subsequently executing—encrypted JavaScript payloads"

https://blog.phylum.io/sophisticated-highly-targeted-attacks-continue-to-plague-npm/