#remote-dynamic-dependency

#remote-dynamic-dependency

A PhantomRaven supply-chain campaign on npm uses attacker-hosted remote dynamic dependencies to steal developer authentication tokens, CI/CD secrets, and GitHub credentials.