Someone compromised SAP's npm packages and used the CI pipeline against itself

We found 4 SAP packages which were actually published today with a malicious preinstall hook. The packages are cap-js/sqlite, cap-js/postgres, cap-js/db-service, and mbt. The payload steals GitHub tokens, npm tokens or AWS/Azure/GCP credentials, and then uses the stolen GitHub token to commit back into the victim's own repos, which in turn drops a VS Code tasks.json that re-runs the attack every time someone opens the project.

The interesting thing we found is that the attacker modified the CI workflow to extract an OIDC token and publish to npm directly, which bypasses the normal release pipeline entirely. The malicious versions have zero SLSA attestations, whereas the legit ones have two. If you run any of these packages, rotate everything now please.

submitted by /u/BattleRemote3157