Multiple official SAP npm packages were compromised in what is believed to be a TeamPCP supply-chain attack to steal credentials and authentication tokens from developers' systems. [...]
Official SAP npm packages compromised to steal credentials
Summary + source link. No paywalls, no tracking.