PhantomRaven Attack

Researchers say attackers exploited npm's remote dynamic dependencies to hide install-time payloads that steal developer credentials.