NODE-IPC NPM PACKAGE COMPROMISED IN SUPPLY CHAIN ATTACK

Hackers have injected credential-stealing malware into newly published versions of node-ipc, a widely-used inter-process communication package. The attack represents a significant supply chain threat to npm users.