JFrog found 6 npm packages posing as Rollup polyfills. They install a second-stage package via CJS require(), not postinstall, then pull a RAT through JSONKeeper.
North Korea's Famous Chollima has released 26 npm packages as an extension of the Contagious Interview campaign, hiding C2 with zero-width Unicode characters in a Pastebin essay and deploying a 9-module RAT via 31 Vercel deployments.