Npm Package Hides Malware in Steganographic QR Codes

The poisoned package, purporting to be a JavaScript utility, threatens the software supply chain with a highly obsfuscated credential stealer.