New PhantomRaven NPM attack wave steals dev data via 88 packages

New attack waves from the 'PhantomRaven' supply-chain campaign are hitting the npm registry, with dozens of malicious packages that exfiltrate sensitive data from JavaScript developers.
NPR

Code Switch

March 4, 2026 • We all know what gentrification looks like IRL — boxy, corporate-owned apartment complexes, places to get a quick bowl for lunch, streets that are dubbed "cleaner" and "safer" (even at ...