A dramatic spike in npm-focused intrusions reveals a shift from opportunistic typosquatting to systematic, credential-driven supply chain compromises targeting maintainers, CI pipelines, and the trusted automation that underpins modern DevOps pipelines.