Summary:

- A popular NPM package called "node-ipc" was found to contain malware that steals WhatsApp messages from users' devices.
- The malware, called "Peacenotwar," was secretly added to the package by the developer, who claimed it was a "protest" against the Russia-Ukraine conflict.
- This incident highlights the importance of thoroughly vetting and verifying the source and contents of open-source software packages before using them in projects, to prevent potential security breaches.