The npm ecosystem faces a sophisticated new threat as ten malicious packages have emerged, each designed to automatically execute during installation and deploy a comprehensive credential harvesting operation. This attack campaign represents a significant evolution in supply chain compromises, combining multiple layers of obfuscation with cross-platform compatibility to target developers across Windows, Linux, and macOS [...]