Multiple official SAP npm packages were compromised in what is believed to be a TeamPCP supply-chain attack to steal credentials and authentication tokens from developers' systems. Security researchers report that the compromise impacted four packages, with the versions now deprecated on NPM: @cap-js/sqlite – v2.2.2 @cap-js/postgres – v2.2.2 @cap-js/db-service – v2.10.1 mbt – v1.2.48 These packages support SAP's Cloud Application Programming Model (CAP) and Cloud MTA, which are commonly used in ...