Malware Injected into 6 npm Packages After Maintainer Tokens Stolen in Phishing Attack

Phishing campaign targeted popular npm packages via a phishing campaign. Project maintainers' tokens were stolen and used to publish malicious versions of the packages to the registry without any source code commits.