Popular open source package stole user credentials

A widely used open source package, element-data, which boasts over one million monthly downloads, has been found to be malicious. The package was intentionally designed to steal user credentials, posing a significant security risk to its extensive user base. Developers are strongly advised to immediately check their systems for any signs of compromise if they have utilized this package. This incident highlights the ongoing vulnerabilities within the open source ecosystem and the critical need for rigorous security audits of popular libraries.