The CISA has issued an alert regarding a significant software supply chain compromise affecting npm, exposing sensitive credentials and endangering various cloud services.