@JFrogSecurity on Backlist

Miasma npm supply-chain campaign targets vapi-ai and ai-sdk-ollama

Attackers are using a node-gyp autorun path to compromise popular npm packages without relying on obvious postinstall scripts