“Building on that trend, we are now seeing a new vector emerge: the use of npm malware to directly backdoor developer tools like integrated development environments (IDEs).”
https://socket.dev/blog/malicious-npm-packages-hijack-cursor-editor-on-macos