For most developers, broken code raises alarms. This time, the danger came from code that worked exactly as promised.A malicious npm package called lotusbail presented itself as a fully functional ...