JFrog found malicious npm packages that deploy a Windows RAT to steal Chrome credentials, run commands, and transfer files.
I ditched my terminal for Claude's built-in code executor, and I'm not going back.