Veracode Threat Research exposed a targeted typosquatting attack on npm, where the malicious package @acitons/artifact stole GitHub tokens. Learn how this supply chain failure threatened the GitHub organisation’s code.
First seen on hackread.com
Jump to article: hackread.com/fake-npm-package-downloads-github-credentials/
