AI-Generated npm Malware Leaks Its Own GitHub Token

A malicious npm package named mouse5212-super-formatter masqueraded as an internal sync utility but contained post-install code that authenticated to GitHub (using a hardcoded token), created a repo, and recursively uploaded local files to the attacker's repository; researchers observed multiple theft sessions and advise revoking tokens and treating affected files as compromised.