NPM Malware Alert: `@lanyer640/mcp-runcommand-server` with Reverse Shell
ID: b987854a-a336-50b3-a624-a4528e7e3e50
STIX ID: report--b987854a-a336-50b3-a624-a4528e7e3e50
Feed Name: Checkmarx Zero
Checkmarx Zero reports that the NPM package @lanyer640/mcp-runcommand-server was found to contain malicious code beginning in version 1.0.6: a preinstall-triggered reverse shell that connects to 45.115.38.27:2333, enabling remote command execution upon npm install. NPM removed the package from the public registry, but private caches may still distribute it; the advisory includes detection scripts, IOCs, and recommended mitigations such as blocking the package, network controls, and inventory scans.
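As an illustration of the inventory scan the advisory recommends, the following added example (not taken from the Checkmarx advisory or its detection scripts) checks a parsed `package-lock.json` for affected copies of the package. It assumes every release from 1.0.6 upward is affected, as the summary states; the function names and the sample lockfile are constructed for this example.

```javascript
// Added example: inventory scan over a parsed package-lock.json.
const BAD_NAME = "@lanyer640/mcp-runcommand-server"; // package named in the advisory
const FIRST_BAD = [1, 0, 6]; // advisory: malicious beginning in version 1.0.6

// True when version >= 1.0.6. Unparseable versions (git URLs, links) fail closed.
function isAffected(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(version || ""));
  if (!m) return true;
  const parts = [Number(m[1]), Number(m[2]), Number(m[3])];
  for (let i = 0; i < 3; i++) {
    if (parts[i] !== FIRST_BAD[i]) return parts[i] > FIRST_BAD[i];
  }
  return true;
}

// Returns [{ path, version }] for every affected copy recorded in the lockfile.
function findAffected(lock) {
  const hits = [];
  const check = (name, path, meta) => {
    if (name === BAD_NAME && isAffected(meta.version)) hits.push({ path, version: meta.version });
  };
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path; aliases carry meta.name
    for (const [path, meta] of Object.entries(lock.packages)) {
      const cut = path.lastIndexOf("node_modules/");
      check(meta.name || (cut >= 0 ? path.slice(cut + 13) : ""), path, meta);
    }
  } else {
    // lockfileVersion 1: nested "dependencies" trees, walked recursively
    const walk = (deps, trail) => {
      for (const [name, meta] of Object.entries(deps || {})) {
        check(name, trail + name, meta);
        walk(meta.dependencies, trail + name + " > ");
      }
    };
    walk(lock.dependencies, "");
  }
  return hits;
}

// Constructed sample lockfile (not real project data); "demo-app" and "some-dep" are made up.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "0.1.0" },
    "node_modules/@lanyer640/mcp-runcommand-server": { version: "1.0.7" },
    "node_modules/some-dep/node_modules/@lanyer640/mcp-runcommand-server": { version: "1.0.5" },
    "node_modules/some-dep": { version: "2.3.4" },
  },
};
console.log(findAffected(sampleLock));
```

Scanning the lockfile rather than running `npm install` matters here because the payload is described as preinstall-triggered: resolving the tree by installing it would execute the hook.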
