Lotusbail npm package found to be harvesting WhatsApp messages and contacts

[morshu9001]

If you're distributing something that uses this package, it's not just your dev computer at risk, it's all the users.

[llmslave2]

I'm aware thanks, but if your company is doing the standard practice of using 10k dependencies for some JS webslop you don't really have any other options but to protect yourself.