A widespread supply-chain attack compromised over 40 npm packages by injecting malicious code that steals developer credentials. The attack uses a function to modify packages and inject a script that searches for and exfiltrates sensitive information such as GitHub, AWS, and GCP credentials. Malicious GitHub Actions workflows are then created to maintain persistence and continue credential theft during CI/CD processes.
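A defender-side check for the workflow persistence step, added here as an example and not taken from the attack or from any vendor tooling: it compares the files under `.github/workflows` with hashes recorded at the last review and reports new or modified workflows together with any `secrets` expressions they reference. The function names, the baseline format and the sample workflows are assumptions constructed for the illustration.

```python
import hashlib
import re
from pathlib import Path

# Matches any ${{ ... }} expression that touches the `secrets` context.
SECRET_EXPR = re.compile(r"\$\{\{[^}]*\bsecrets\b[^}]*\}\}")


def sha256(text: str) -> str:
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def load_workflows(repo_root: str) -> dict:
    """Map each workflow path under <repo_root>/.github/workflows to its text."""
    wf_dir = Path(repo_root) / ".github" / "workflows"
    return {p.relative_to(repo_root).as_posix(): p.read_text(encoding="utf-8")
            for p in sorted(wf_dir.glob("*.y*ml"))}


def audit_workflows(current: dict, baseline: dict) -> list:
    """Return (path, status, secret_expressions) for files needing review.

    current maps path -> content; baseline maps path -> reviewed sha256.
    """
    findings = []
    for path, text in sorted(current.items()):
        if path not in baseline:
            status = "new"
        elif baseline[path] != sha256(text):
            status = "modified"
        else:
            continue  # unchanged since the last review
        findings.append((path, status, SECRET_EXPR.findall(text)))
    return findings


# Constructed sample data: one reviewed workflow and one unexpected addition.
CI = "on: push\njobs:\n  test:\n    steps:\n      - run: npm test\n"
EXTRA = ("on: push\njobs:\n  pub:\n    steps:\n      - run: npm publish\n"
         "        env:\n          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}\n")
BASELINE = {".github/workflows/ci.yml": sha256(CI)}
CURRENT = {".github/workflows/ci.yml": CI, ".github/workflows/extra.yml": EXTRA}

if __name__ == "__main__":
    for path, status, exprs in audit_workflows(CURRENT, BASELINE):
        print(f"{status:9} {path} secrets={exprs}")
```

Against a real checkout, pass `load_workflows(repo_root)` as `current` and keep the baseline hashes somewhere the repository's own CI cannot rewrite.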
Latest mentioned: 09-16
Earliest mentioned: 09-16