In a dramatic escalation of supply chain threats against the JavaScript ecosystem, attackers have leveraged a typosquatted phishing site to steal npm maintainer tokens and inject malicious code into critical development tools.
The incident, first flagged by maintainers of the eslint-config-prettier repository, involved four...