Hackers have injected credential-stealing malware into newly published versions of node-ipc, a popular inter-process communication package, in a new supply chain attack targeting npm. [...]
Popular node-ipc npm package compromised to steal credentials
Summary + source link. No paywalls, no tracking.