npm supply-chain campaign: 14 typosquats target AWS, Vault, npm tokens
Microsoft says a single maintainer 'vpmdhaj' pushed 14 typosquatted npm packages on May 28 that exfiltrate AWS, ECS, HashiCorp Vault and npm tokens via a Bun-runtime payload.
Microsoft says a single maintainer 'vpmdhaj' pushed 14 typosquatted npm packages on May 28 that exfiltrate AWS, ECS, HashiCorp Vault and npm tokens via a Bun-runtime payload.