Researchers Detect Malicious npm Package Targeting GitHub-Owned Repositories

A malicious package typosquats the legitimate "actionsartifact" package with the intent to target GitHub-owned repositories. "We think the intent was to have this script execute during a build of a GitHub- owned repository, exfiltrate the tokens available to the build environment