JFrog Security's research team identified a targeted software supply chain attack on the npm Registry in which malicious packages aimed at the @azure scope were uploaded using a typosquatting method. The attacker created packages with names similar to legitimate ones but without the @azure prefix, so that developers who inadvertently install them risk having personally identifiable information (PII) stolen. The malicious packages, totaling over 200, were quickly removed after being reported to the npm maintainers. The attack was likely aimed at general npm users and possibly at internal Microsoft/Azure networks as well; it used automated scripts to obscure its origin, and the packages carried high version numbers, which suggests a dependency confusion attack. JFrog Xray users are protected from such attacks, and Azure developers are advised to verify their package installations. The swift detection and response by the npm maintainers highlight the importance of ongoing vigilance and of continued improvement in security measures against the increasing trend of supply chain attacks.
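One way to carry out the installation check recommended above, as an added example that is not JFrog's or npm's code: it flags dependencies in `package.json` or a v2/v3 `package-lock.json` whose name equals an expected scoped package with the scope dropped, and marks unusually high versions. The allowlist, the version threshold and the sample manifest and lockfile are assumptions constructed for illustration.

```javascript
'use strict';
// Scoped packages this project intends to use (assumed allowlist; adjust per project).
const EXPECTED_SCOPED = ['@azure/storage-blob', '@azure/identity', '@azure/core-tracing'];
// Major versions at or above this are treated as suspicious (assumed threshold).
const SUSPICIOUS_MAJOR = 90;

// Map "storage-blob" -> "@azure/storage-blob" for every expected scoped name.
function bareNameIndex(scopedNames) {
  const index = new Map();
  for (const full of scopedNames) {
    const m = /^@[^/]+\/(.+)$/.exec(full);
    if (m) index.set(m[1], full);
  }
  return index;
}

// Collect name -> version from package.json sections and the lockfile "packages" map.
function collectInstalled(manifest, lock) {
  const found = new Map();
  for (const section of ['dependencies', 'devDependencies', 'optionalDependencies']) {
    for (const [name, range] of Object.entries(manifest[section] || {})) found.set(name, range);
  }
  for (const [path, meta] of Object.entries((lock && lock.packages) || {})) {
    const i = path.lastIndexOf('node_modules/'); // also handles nested installs
    if (i !== -1) found.set(path.slice(i + 'node_modules/'.length), meta.version || '');
  }
  return found;
}

// Return one finding per unscoped dependency that shadows an expected scoped name.
function findScopeDropped(manifest, lock, scopedNames = EXPECTED_SCOPED) {
  const index = bareNameIndex(scopedNames);
  const findings = [];
  for (const [name, version] of collectInstalled(manifest, lock)) {
    if (name.startsWith('@') || !index.has(name)) continue;
    const major = parseInt(String(version).replace(/^[^\d]*/, ''), 10);
    findings.push({ name, version, intended: index.get(name),
      highVersion: Number.isInteger(major) && major >= SUSPICIOUS_MAJOR });
  }
  return findings;
}

// Constructed sample input, not taken from the reported packages.
const sampleManifest = { dependencies: {
  '@azure/storage-blob': '^12.0.0', 'core-tracing': '^99.10.9', express: '^4.18.2' } };
const sampleLock = { packages: { '': {}, 'node_modules/identity': { version: '1.0.0' },
  'node_modules/@azure/storage-blob': { version: '12.17.0' } } };
console.log(findScopeDropped(sampleManifest, sampleLock));
```

A finding is a prompt to review the dependency, since an unscoped package with a matching name can also be legitimate.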