Hackers compromised the Injective Labs SDK project's GitHub repository and used it to publish a malicious package on the Node ...
Both tools have a point, just different ones ...