Confirmed malicious package as part of coordinated supply chain attack targeting npm ecosystem

Note: This report is updated by a verification record

Part of the Shai Hulud Second Coming supply chain attack campaign. This malicious package was designed to steal credentials and exfiltrate sensitive data from developer environments.