Another case of malicious NPM packages: jfrog.com/blog/large-sca
This time it's targeting Azure devs.
Contrary to previous incidents, that's not a popular package that's been compromised. Instead, the attackers are typosquatting the package name.
Conversation
They created hundreds of packages with the same name as an existing azure scope package, but drops the scope name "".
More than 200 packages are impacted. The full list is available at the end of their blog post