Malicious npm packages caught installing remote access trojans JavaScript and Node.js developers who installed the jdb.js and db-json.js packages were infected with the njRAT malware.