Microsoft spots malicious npm package stealing data from UNIX systems

Malicious JavaScript package was only active on the npm repository for two weeks.