Hackers compromised Toptal's GitHub organization account and used their access to publish ten malicious packages on the Node Package Manager (NPM) index. [...]

https://www.bleepingcomputer.com/news/security/hackers-breach-toptal-github-account-publish-malicious-npm-packages/