Criminals used a typo-squatting technique and uploaded rogue JavaScript libraries to a popular code repository npm.
Source: Threadpost