JavaScript Ecosystem

Phished npm Maintainer’s Packages Used in Crypto-Clipping Attack as Rapid Takedown Limits Damage

The breach began with a fake npm 2FA reset that let attackers push malicious updates to widely used libraries.