JFrog says six malicious npm packages used hidden install-time execution, JSONKeeper fetches, and sandbox checks to enable remote access.
Here is an example configuration file that includes the appropriate scripts for launching the MCP Server: { "mcpServers": { "mcp-census-api": { "command": "bash ...