The two exploited NPM packages, both uploaded in July, are: colortoolsv2. mimelib2. The dangerous code allowed the malware to evade security detection and ask for the next-stage p ...