Chrome still has the reputation, but my own benchmark testing identified the real culprit.
Malicious jscrambler 8.14.0 runs hidden binaries during npm install on Windows, macOS, and Linux, with no fix available as of ...