PhantomRaven Malware Evades npm Security with Invisible Dependencies
A sophisticated npm malware campaign dubbed PhantomRaven has infected 126 packages with 20,000 downloads. The attack uses clever remote dependency techniques to bypass security scans and steal developer credentials.