Software developers are increasingly being targeted by supply chain attacks. NPM, node package manager, hosts almost 9M packages, which in turn consist of 1.7 billion files, or just under 37.5TB worth of data. Among these packages is a password recovery tool called WebBrowserPassView. It is used to recover website login information stored by Internet Explorer, Mozilla Firefox, Google Chrome, Safari, and Opera browsers. The analysis took slightly under 6 days and 16 hours to complete, during which weve collected, and indexed, around 1.6TB of metadata.”]
Source: https://blog.reversinglabs.com/blog/the-npm-package-that-walked-away-with-all-your-passwords