MSC-2026-3271
Published: May 16, 2026
Updated: May 16, 2026
CanisterWorm is a type of attack that hides malicious code inside npm packages. When a developer installs an infected package, the malicious code quietly spreads to other packages on their machine — much like a computer worm. It then connects to external servers to receive further instructions or deliver additional payloads. Because those servers are decentralized, they are hard to block or shut down. Any developer or build system that has installed an infected package may be compromised without knowing it.