Three versions of the node-ipc npm package (9.1.6, 9.2.3, 12.0.1) were published following an account takeover of an inactive npm maintainer and contain an infostealer that exfiltrates cloud provider keys, CI/CD secrets, container credentials, SSH keys, and browser tokens via DNS TXT record tunneling. With approximately 690,000 weekly downloads, any organization with Node.js build pipelines or applications carrying node-ipc as a direct or transitive dependency faces active credential exfiltration risk that bypasses HTTP/HTTPS-focused egress monitoring.