From VSCode Marketplace to npm Initially detected by ReversingLabs in the VSCode Marketplace, the campaign expanded to the npm ecosystem in late 2024. One example of the latest malicious npm packages ...