@evilpacket discovered that a valid NPM token for the Electron account was published to a public NPM package. We addressed this issue by revoking the token. We also performed an audit of all NPM packages published by this account to ensure that malicious packages were not distributed using the leaked token.