12:00
2026-06-20
safedep.io
ai-tools
@withgoogle/stitch-sdk: Scope Squat Harvests Developer Credentials
A malicious npm package named @withgoogle/stitch-sdk impersonates Google's Stitch AI design tool by squatting the @withgoogle scope, harvesting developer credentials from eight sources via a preinstalβ¦