Hundreds of code libraries posted to NPM try to install malware on dev machinesMalicious packages can be traced via the immutable Ethereum blockchain, revealing a history of IP addresses used by attackers.