If you're considering PuppeteerSharp for PDF generation, here's the version of the story that doesn't show up in the "getting started" docs.
Lazarus Group concealed a four-module remote access toolkit inside six fake npm Rollup polyfill packages that fired at import ...