One line of malicious npm code led to massive Postmark email heist

MCP plus open source plus typosquatting … what could possibly go wrong? A fake npm package posing as Postmark's MCP (Model Context Protocol) server silently stole potentially thousands of emails…