Security researchers discovered 73 malicious npm packages disguised as legitimate AI tools. These packages immediately execute a credential-stealing malware upon installation, posing a significant risk to developers, especially those working with AI agents. This incident highlights the ongoing threat of supply chain attacks within the developer ecosystem.
Opening Kapyn…