Versions of a popular NPM package named ua-parser-js was found to contain malicious code. A computer or device with the affected software installed or running could allow a remote attacker to obtain sensitive information or take control of the system.

According to advisory, users using compromised ua-parser-js versions 0.7.29, 0.8.0, and 1.0.0 should update to the respective patched versions: 0.7.30, 0.8.1, 1.0.1 – github.com.