Malicious npm Package Targets OpenAI Codex Users and Exposes Supply Chain Risks2. June 2026Claude Code, Cybersecurity, OpenAIAttackers exploited a seemingly legitimate npm package with 27,000 weekly downloads to steal refresh tokens that grant unlimited access to accounts. Share on: