Malicious npm Package Uses Hidden Prompt and Script to Evade AI Security Tools

Dec 2, 2025

Cybersecurity researchers have disclosed details of an npm package that attempts to influence artificial intelligence (AI)-driven security scanners.
The package in question is eslint-plugin-unicorn-ts-2, which masquerades as a TypeScript extension of the popular ESLint plugin. It was uploaded to the registry by a user named “hamburgerisland” in February 2024. The package has been downloaded
