Multiple official SAP npm packages were compromised in what is believed to be a TeamPCP supply-chain attack to steal credentials and authentication tokens from developers' systems. [...]

https://www.bleepingcomputer.com/news/security/official-sap-npm-packages-compromised-to-steal-credentials/