This is an instance of a supply chain attack targeting open-source software repositories, in which 2 popular NPM packages were found to be compromised with malicious code.
The 2 libraries, "coa" (a parser for command-line options) and "rc" (a configuration loader), were both tampered with to include password-stealing malware. Additional analysis of the dropped malware samples shows it to be a DanaBot variant, which is a Windows malware for stealing credentials and passwords.
Last month, there was a similar incident in which a compromised NPM library (UAParser.js) was found.
Links:
- https://thehackernews.com/2021/10/popular-npm-package-hijacked-to-publish.html