Legally, it may be correct that the passport isn’t proof of citizenship, but for a nation gobsmacked to learn that it isn’t, ...
JFrog says six malicious npm packages used hidden install-time execution, JSONKeeper fetches, and sandbox checks to enable remote access.