npm debug and chalk packages compromised (Aikido)
The Aikido blog describes an apparently ongoing series of phishing attacks against npm package maintainers, resulting in the uploading of compromised versions of heavily used packages:
All together, these packages have more than 2 billion downloads per week.

The packages were updated to contain a piece of code that would be executed on the client of a website, which silently intercepts crypto and web3 activity in the browser, manipulates wallet interactions, and rewrites payment destinations so that funds and approvals are redirected to attacker-controlled accounts without any obvious signs to the user.