AI Agents in Open-Source Ecosystems: The Malicious npm Package Threat Exposed

Jun 4, 2025 · 4 min read · The discovery of a malicious npm package, "xlsx-to-json-lh," which evaded detection for six years by mimicking legitimate tools, exposes critical weaknesses in open-source ecosystems. This incident arrives amid a surge in AI agent frameworks like Fac...