JFrog found malicious npm packages that deploy a Windows RAT to steal Chrome credentials, run commands, and transfer files.
This might just be the writing hack you've been waiting for all along.
It takes everything I like about VS Code and pushes it further ...