A supply chain attack involving fake Claude Code npm packages, detailing how attackers abuse lifecycle scripts to achieve remote code execution and steal sensitive data.