Cybersecurity researchers have discovered a new malicious package on the npm registry that comes with information stealing capabilities.

According to OX Security, the package, named "mouse5212-super-formatter," is designed to upload files from "/mnt/user-data," a dedicated directory used by Anthropic's Claude artificial intelligence (AI) tool to handle uploads and outputs in the background. The



Source: TheHackerNews
Source Link: https://thehackernews.com/2026/05/malicious-npm-package-stole-files-from.html