
Malicious NPM Packages Pose as Utilities, Delete Project Directories
Two malicious packages were discovered in npm, the JavaScript package registry. They masqueraded as utilities but functioned as destructive data wipers that delete entire application directories. The packages, named "rocketmq-dynamic-topic" and "rocketmq-dynamic-queue," were downloaded 22 and 12 times respectively before being removed. The packages contain a malicious script that executes commands to delete files and directories in the user's project, resulting in data loss and project corruption.
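To check whether a project pulled in either package, directly or transitively, its npm lockfile can be scanned for the two names. The following is an added example, not code from the original report; the `findFlagged` helper, the `left-helper` dependency and the sample lockfile are constructed for illustration.

```javascript
// Package names as reported on this page.
const FLAGGED = new Set(["rocketmq-dynamic-topic", "rocketmq-dynamic-queue"]);

// Lockfile v2/v3: flat "packages" map keyed by install path, e.g.
// "node_modules/a/node_modules/b". The package name is whatever follows the
// last "node_modules/" (this keeps scoped names like "@scope/pkg" intact).
function scanPackagesMap(packages, hits) {
  for (const [path, meta] of Object.entries(packages || {})) {
    const idx = path.lastIndexOf("node_modules/");
    if (idx === -1) continue; // "" is the root project entry
    const m = meta || {};
    // An explicit "name" is present when the folder is an alias.
    const name = m.name || path.slice(idx + "node_modules/".length);
    if (FLAGGED.has(name)) hits.push({ name, version: m.version || "?", via: path });
  }
}

// Lockfile v1: nested "dependencies" tree; recurse and record the chain.
function scanDependencies(deps, trail, hits) {
  for (const [name, meta] of Object.entries(deps || {})) {
    const m = meta || {};
    const chain = [...trail, name];
    if (FLAGGED.has(name)) hits.push({ name, version: m.version || "?", via: chain.join(" > ") });
    scanDependencies(m.dependencies, chain, hits);
  }
}

// Takes a parsed package-lock.json object and returns every flagged entry.
function findFlagged(lock) {
  const hits = [];
  // v2 files carry both sections; prefer "packages" to avoid duplicates.
  if (lock.packages) scanPackagesMap(lock.packages, hits);
  else scanDependencies(lock.dependencies, [], hits);
  return hits;
}

// Constructed sample: a v3 lockfile with a flagged transitive dependency.
const sampleLock = {
  name: "demo-app", lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/left-helper": { version: "2.1.0" },
    "node_modules/left-helper/node_modules/rocketmq-dynamic-topic": { version: "0.0.0-constructed" },
  },
};

for (const h of findFlagged(sampleLock)) console.log(`FLAGGED ${h.name}@${h.version} via ${h.via}`);
```

For a real project, pass the parsed contents of `package-lock.json` to `findFlagged`; a non-empty result means the package was resolved into the dependency tree even if it is not listed in `package.json`.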