Major supply chain attack has occurred through popular JavasSript NPM packages.
The payload is a crypto-clipper that steals funds by swapping wallet addresses in network requests and directly hijacking crypto transactions.
Read more here:
https://jdstaerk.substack.com/p/we-just-found-malicious-code-in-the