Compromised npm packages linked to SAP are being used to steal developer credentials.
The malicious code executes during installation, targeting tokens, environment variables, and CI/CD systems—highlighting ongoing risks in open-source supply chains.
sctocs.com/sap-npm-pack...
SAP-related npm packages compromised in a credential-stealing supply chain attack, exposing risks in open-source dependencies and developer ecosystems.
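
Code that "executes during installation" runs through npm's install-time lifecycle scripts, and a `package-lock.json` (lockfileVersion 2 or 3) marks each package that has them with `hasInstallScript`. The check below is an added example, not code from the linked article or from SAP: it lists locked dependencies that run install scripts and are not on a reviewed allowlist. The package names, the allowlist and the sample lockfile are constructed for illustration.

```javascript
// Packages the team has reviewed and allows to run install scripts.
// Hypothetical name, constructed for this example.
const REVIEWED = new Set(["example-native-addon"]);

// Turn a lockfile key such as "node_modules/a/node_modules/@scope/b" into "@scope/b".
function packageNameFromPath(lockPath) {
  const marker = "node_modules/";
  const idx = lockPath.lastIndexOf(marker);
  return idx === -1 ? lockPath : lockPath.slice(idx + marker.length);
}

// Return every locked dependency that runs code at install time and is not reviewed.
// `lock` is a parsed package-lock.json object (lockfileVersion 2 or 3).
function findUnreviewedInstallScripts(lock, reviewed = REVIEWED) {
  const findings = [];
  for (const [lockPath, entry] of Object.entries(lock.packages || {})) {
    if (lockPath === "") continue;          // "" is the root project itself
    if (!entry.hasInstallScript) continue;  // nothing runs at install time
    const name = entry.name || packageNameFromPath(lockPath);
    if (reviewed.has(name)) continue;
    findings.push({ name, version: entry.version, path: lockPath });
  }
  return findings;
}

// Constructed sample lockfile: one reviewed hook, two unreviewed, one plain library.
const SAMPLE_LOCK = {
  name: "demo-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/example-native-addon": { version: "2.1.0", hasInstallScript: true },
    "node_modules/@example-scope/build-helper": { version: "0.4.2", hasInstallScript: true },
    "node_modules/plain-lib": { version: "3.0.0" },
    "node_modules/plain-lib/node_modules/nested-hook": { version: "1.0.1", hasInstallScript: true },
  },
};

for (const f of findUnreviewedInstallScripts(SAMPLE_LOCK)) {
  console.log(`${f.name}@${f.version} runs install scripts (${f.path})`);
}
```

Run it against the real lockfile by passing the result of `JSON.parse` on `package-lock.json`. In CI, `npm ci --ignore-scripts` keeps lifecycle scripts from running until the flagged packages have been reviewed.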