Made a package (that I needed personally), to easily reinstall all dependencies (using the same versions) in a project and check them using Aikido's safe chain for malware (supported npm, pnpm, bun, and yarn). It also easily switches a project's package manager to another. https://www.npmjs.com/package/eazypm

Prior discussion https://news.ycombinator.com/item?id=46032539

This is a nasty npm attack. It steals API keys and credits.