The initial step of this recent wave of npm hacks started with Qix being hacled, then another dev so it was not a long term infiltration like the xz utils attack last year https://socket.dev/blog/npm-author-qix-compromised-in-major-supply-chain-attack