Veracode Threat Research exposed a targeted typosquatting attack on npm, where the malicious package @acitons/artifact stole GitHub tokens. Learn how this supply chain failure threatened the GitHub organisation's code.