
npm-sentinel Detects 21 Malicious npm Packages in 24 Hours
Tags: security, npm, malware, AI, Redis
A security tool called npm-sentinel detected 21 malicious npm packages across 11 campaigns within 24 hours. The packages employed four new attack methods: intercepting LLM API calls via postinstall scripts, distributing encrypted backdoors for AI assistants, using AI agents as remote access tools, and weaponizing Redis to write shell payloads and extract raw disk data. None of the packages were flagged by existing public scanners at the time of discovery. All indicators of compromise (IOCs) and payload details are documented in the report.