Legitimate npm package compromised by STARDUST CHOLLIMA to poison open-source supply chains.
Compromised by the Lazarus group during Operation DangerousPassword to inject trojanized code into downstream applications.
Widely used HTTP client for JavaScript targeted in a supply chain attack to deploy a backdoor on macOS devices.