Ten malicious packages were uploaded to the Node Package Manager (NPM) index after hackers infiltrated Toptal's GitHub organization account and exploited that unauthorized access.
Security researchers who detected the malicious packages promptly informed Toptal, which then removed them from NPM. Toptal is now investigating the incident to determine how the attackers gained entry to its GitHub account and to implement safeguards against similar incidents in the future.