The malware called “xpc.js” includes next-generation machine learning algorithms that automatically detect potentially malicious activity associated with open source ecosystems.