Socket Threat Research Team maps a rare inside look at OtterCookie’s npm-Vercel-GitHub chain, adding 197 malicious packages and evidence of North Korean operato…

North Korea's Contagious Interview operation continues infiltrating the npm ecosystem with 197 new malicious packages and over 31,000 downloads. State-sponsored threat actors target blockchain and Web3 developers through fake job interviews and test assignments. The campaign shows thorough adaptation to modern JavaScript and crypto development workflows. Socket's research revealed rare insights into the GitHub infrastructure supporting this activity, including the malicious tailwind-magic npm package. This sustained campaign represents one of the most prolific npm exploitation operations by North Korean actors.