Technology ❯ Software Development ❯ Package Management ❯ npm Packages
The install-time worm steals developer and cloud credentials and can republish packages, forcing immediate secret rotation and forensic hunts.