Two malicious npm packages (naya-flare and nvlore-hsc) contain dangerous kill-switches capable of executing targeted file deletion. These packages contain legitimate WhatsApp socket libraries to deceive WhatsApp developers, but can be extremely destructive to development environments.