Mystery of industry-targeting backdoored NPM JavaScript packages solved

Snyk, JFrog, ReversingLabs spend weeks investigating modules that turn out to be pen-test code

Malicious packages in the NPM Registry that security researchers for weeks believed were being used to stage supply-chain attacks against prominent industrial companies in Germany turned out to be part of a penetration test run by a cybersecurity company....