Cybersecurity researchers have discovered three malicious npm packages that are designed to deliver a previously undocumented malware called NodeCordRAT.
The names of the packages, all of which were taken down as of November 2025, are listed below. They were uploaded by a user named « wenmoonx. »
bitcoin-main-lib (2,300 Downloads)
bitcoin-lib-js (193 Downloads)
bip40 (970 Downloads)
« The