This hack resulted in literally 100’s of packages to be compromised, signed, and shipped via NPM. It then infected end-users systems, stealing credentials and then wiping hard drives if someone tries to remove it. It then tried used those permissions to submit even more infected packages.

It did this via a clever permissions exploit via a github action. Give this a watch.