forge-jsxy: 22 Versions of an Actively Developed npm RAT

The actively maintained forge-jsxy npm package is a sophisticated remote access trojan that, over 22 rapid versions, evolved to steal keystrokes, crypto wallets, browser extension databases, and persist outside node_modules—enabling the attacker to continuously upgrade and exfiltrate sensitive data from infected developer machines even after package removal.