Malicious npm package targets AWS users
Essential information
- Published: 27/06/2024 07:58
- Modified: 27/06/2024 09:26
- Tags: 2024-06-27 aws backdoor npm supply-chain
- Related entities: 3 observables, 5 techniques (mitre), 1 malware
Description
ReversingLabs researchers discovered a malicious package named legacyreact-aws-s3-typescript in the npm repository. It mimicked a popular legitimate package, react-aws-s3-typescript, which is designed to facilitate file uploads to Amazon S3 buckets. Initially, the package appeared benign, but a later version included a postinstall script that downloaded and executed a backdoor payload. The package's history demonstrates the challenges of monitoring open source repositories for threats, and ReversingLabs (RL) introduced Spectra Assure Community to help developers assess package risks.
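The pattern described above, a lookalike name combined with an install hook that only appears in a later version, can be checked whenever a dependency is updated. The following is an added example, not code from ReversingLabs or from the original entry; the manifests, version numbers and hook command are constructed, and the function names are hypothetical.

```javascript
// Added example. Manifests, versions and the hook command are constructed
// sample data, not the contents of the real package.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

// Install-time hooks that are new or changed in `next` compared with `prev`.
function newInstallHooks(prev, next) {
  const before = (prev && prev.scripts) || {};
  const after = (next && next.scripts) || {};
  return INSTALL_HOOKS
    .filter((h) => typeof after[h] === "string" && after[h].trim() !== "")
    .filter((h) => after[h] !== before[h])
    .map((h) => ({ hook: h, command: after[h] }));
}

// Known package whose full name is embedded in `name` with extra characters
// around it (e.g. an added prefix), or null if there is none.
function embeddedKnownName(name, knownNames) {
  const n = String(name).toLowerCase();
  const hit = knownNames.find((k) => {
    const known = k.toLowerCase();
    return n !== known && n.includes(known);
  });
  return hit === undefined ? null : hit;
}

// Combine both signals for one version bump of a dependency.
function auditUpdate(prev, next, knownNames) {
  const hooks = newInstallHooks(prev, next);
  const lookalikeOf = embeddedKnownName(next.name, knownNames);
  const signals = (hooks.length > 0 ? 1 : 0) + (lookalikeOf ? 1 : 0);
  return { name: next.name, from: prev.version, to: next.version,
           hooks, lookalikeOf, risk: ["none", "medium", "high"][signals] };
}

// Constructed manifests: an early version without hooks, a later one with a hook.
const KNOWN = ["react-aws-s3-typescript"];
const earlier = { name: "legacyreact-aws-s3-typescript", version: "0.0.1",
                  scripts: { test: "jest" } };
const later = { name: "legacyreact-aws-s3-typescript", version: "0.0.2",
                scripts: { test: "jest", postinstall: "node postinstall.js" } };

console.log(JSON.stringify(auditUpdate(earlier, later, KNOWN), null, 2));
```

Installing with npm's --ignore-scripts option keeps such hooks from running until the update has been reviewed.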