Huge NPM Supply Chain Attack Goes Out With Whimper

Threat actors phished Qix's NPM account, then used their access to publish poisoned versions of 18 popular open source packages accounting for more than 2 billion weekly downloads.