Veracode Threat Research exposed a targeted typosquatting attack on npm, where the malicious package @acitons/artifact stole GitHub tokens. Learn how this supply chain failure threatened the GitHub organisation's code.

Deeba Ahmed

Source: HackRead
Source Link: https://hackread.com/fake-npm-package-downloads-github-credentials/