supply chain, npm, small business, remediation
npm install Just Ran Malware on Your Machine. You Didn't Even Know.
A self-propagating worm is using a blind spot in npm's native build system to execute code the moment you install a package. No install scripts. No warnings. Just binding.gyp.
Jun 3, 2026