Supply chain attacks on the npm ecosystem use IronWorm and Miasma worm variants to steal developer secrets through compromised accounts and malicious binding.gyp files.