Two npm packages, @rspack/core and @rspack/cli, were compromised in a supply chain attack, allowing the publication of malicious versions containing cryptocurrency mining malware. The attack targeted specific countries and aimed to execute XMRig cryptocurrency miner on Linux hosts. The malicious versions have been unpublished, and version 1.1.8 is now considered safe. The incident highlights the need for stricter safeguards in package managers to protect developers. The Rspack project maintainers have taken steps to secure their infrastructure, including invalidating tokens and auditing source code. An investigation into the root cause of the token theft is ongoing.