{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreic6x6libitrhjpjieqhafrcby2wlikw3xf6qdzsw47lqidja2wuvy",
    "uri": "at://did:plc:z3a345rn6njmxg2o5lxmj3en/app.bsky.feed.post/3mk3ofjprikj2"
  },
  "coverImage": {
    "$type": "blob",
    "ref": {
      "$link": "bafkreiadtmzsvvpul3awapimxelxvoaipmfm5uhmh5ucyo3gtgj7h6tcce"
    },
    "mimeType": "image/jpeg",
    "size": 146585
  },
  "path": "/news/security/new-npm-supply-chain-attack-self-spreads-to-steal-auth-tokens/",
  "publishedAt": "2026-04-22T12:57:42.000Z",
  "site": "https://www.bleepingcomputer.com",
  "tags": [
    "Security"
  ],
  "textContent": "A new supply chain attack targeting the Node Package Manager (npm) ecosystem is stealing developer credentials and attempting to spread through packages published from compromised accounts. [...]",
  "title": "New npm supply-chain attack self-spreads to steal auth tokens"
}