A sophisticated phishing campaign has enabled attackers to compromise a maintainer account within the npm ecosystem, triggering one of the largest software-supply-chain breaches recorded. On 8 ...