New Attacks Exploit VSCode Extensions and npm Packages

Malicious campaigns targeting VSCode extensions have recently expanding to npm, risking software supply chains