node-ipc npm package — backdoored via expired-domain account takeover
From CTI Weekly Summary — 2026-W20 (May 11 – May 17, 2026) · published 2026-05-17
The node-ipc npm package was backdoored via an expired-domain account takeover. Three malicious versions were published, 90+ credential categories were exfiltrated, and the window to detection was ~3 minutes (daily 2026-05-16). The lesson for defenders is the expired-domain account-takeover vector: when a package maintainer's email domain lapses, it becomes a one-time supply-chain compromise vector. Operational pattern-match: audit npm / PyPI / Cargo dependency trees, checking for each package whether the domain of its maintainer address can be verified as still belonging to the original maintainer.
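A first pass at that audit for an npm project, as an added example (not code from this brief or from any project it names): it groups locked dependencies by maintainer email domain and reports the domains that fail a resolution check. Assumptions: a `package-lock.json` in lockfileVersion 2/3 format, registry metadata already fetched per package, hypothetical function names, and NXDOMAIN used as a heuristic for a lapsed domain.

```javascript
// Added example. SAMPLE_* data is constructed; names and domains are placeholders.
const SAMPLE_LOCK = { lockfileVersion: 3, packages: {
  '': {}, 'node_modules/ipc-lib': {}, 'node_modules/@acme/util': {},
  'node_modules/ipc-lib/node_modules/tiny-dep': {} } };
const SAMPLE_PACKUMENTS = {
  'ipc-lib': { maintainers: [{ name: 'a', email: 'a@lapsed.example' }] },
  '@acme/util': { maintainers: [{ name: 'b', email: 'b@Active.example' }] },
  'tiny-dep': { maintainers: [{ name: 'a', email: 'a@lapsed.example' }, { name: 'c' }] },
};

// Package names from a package-lock.json v2/v3 "packages" map (nested, scoped).
const NM = 'node_modules/';
function lockedPackageNames(lock) {
  const keys = Object.keys(lock.packages || {}).filter((k) => k.includes(NM));
  return [...new Set(keys.map((k) => k.slice(k.lastIndexOf(NM) + NM.length)))].sort();
}

// Group packages by maintainer e-mail domain, from each packument's `maintainers`.
function maintainerDomains(names, packuments) {
  const byDomain = new Map();
  for (const name of names) {
    for (const m of (packuments[name] || {}).maintainers || []) {
      const at = (m.email || '').lastIndexOf('@');
      if (at < 1) continue; // no usable address on record
      const domain = m.email.slice(at + 1).toLowerCase();
      byDomain.set(domain, (byDomain.get(domain) || new Set()).add(name));
    }
  }
  return byDomain;
}

// Default check (assumption): NXDOMAIN on an MX lookup marks a possibly lapsed domain.
async function domainResolves(domain) {
  const dns = await import('node:dns/promises');
  try { await dns.resolveMx(domain); return true; } catch (e) {
    if (e.code === 'ENODATA') return true; // domain exists, no MX record
    if (e.code === 'ENOTFOUND') return false;
    throw e; // resolver failure: do not guess
  }
}

// Returns [{ domain, packages }] for maintainer domains that fail the check.
async function auditLockfile(lock, packuments, resolves = domainResolves) {
  const findings = [];
  for (const [domain, pkgs] of maintainerDomains(lockedPackageNames(lock), packuments)) {
    if (!(await resolves(domain))) findings.push({ domain, packages: [...pkgs].sort() });
  }
  return findings;
}
```

A domain that resolves is not proof of continuity, since a lapsed domain that has been re-registered resolves again; treat the output as a first-pass filter.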