Cybersecurity researchers have discovered a malicious npm package named „@acitons/artifact“ that typosquats the legitimate „@actions/artifact“ package with the intent to target GitHub-owned repositories.
„We think the intent was to have this script execute during a build of a GitHub-owned repository, exfiltrate the tokens available to the build environment, and then use those tokens to publish
https://thehackernews.com/2025/11/researchers-detect-malicious-npm.html