Threat / Phishing & impersonation

Package-registry maintainer credential / publish-token phishing: impersonates npm / PyPI / RubyGems / crates.io / Packagist / NuGet / CocoaPods / Maven Central / hex.pm with a 2FA-re-verification, mandatory-token-rotation, unusual-publish-activity, or package-ownership-verification narrative plus a credential-harvesting link on a non-registry host. Targets active package PUBLISHERS (distinct from `slopsquatting-package-install-lure`, which targets consumers, and from `fake-github-gitlab-developer-account-security-phish`, which covers generic developer-account phish at platform level). Massive blast radius: one compromised maintainer account leads to malicious publishes of every package that maintainer controls and to downstream infection of millions of installs within hours. Real precedents: eslint-config-prettier (Jul 2025) and the chalk/debug wave (Sep 2025), both harvested through the `npmjs.help` lookalike domain; earlier account-takeover and maintainer-side incidents include coa/rc (Nov 2021), xmldom, node-ipc, ctx and colors.js/faker.js (2022). Evidence: Socket.dev, Snyk, Phylum and ReversingLabs 2025-2026 supply-chain reports.

package-registry-maintainer-token-phishing

What this tier means

High-confidence threat indicator — phishing, impersonation, BEC, or scam pattern. Strong contributor to the trash decision.

How Gorganizer detects this

Package-registry maintainer credential / publish-token phishing targets active maintainers on the major public package registries (npm, PyPI, RubyGems, crates.io, Packagist, NuGet, CocoaPods, Maven Central, hex.pm) with one of four narrative shapes: (a) "mandatory 2FA re-verification required for publishers," (b) "mandatory publish-token rotation under the new supply-chain protection policy," (c) "unusual publish activity detected on your maintainer account, verify ownership," (d) "your publisher credentials are expiring, re-authenticate." The credential-harvesting link points at a lookalike host outside the registry's domain (npm-publisher-verify.example, pypi-token-rotate.example, crates-io-verify.example in illustrative form; `npmjs.help` in the real 2025 campaigns) that captures the maintainer's login, password and one-time code, or asks them to paste a publish token. A TOTP code entered on a lookalike page is relayed to the real registry within seconds, so SMS or app-based 2FA does not stop this; only an origin-bound FIDO2 key does. Go is deliberately absent from the list: proxy.golang.org has no publisher accounts or tokens, so a "goproxy credential" mail is a fabrication on its face.

The blast radius is what sets this signal apart. A consumer credential phish compromises one account; a maintainer credential phish turns into a malicious release of every package that maintainer can publish, which then reaches every fresh install, lockfile refresh and CI run that picks up the new version, typically within hours.

The 2025 precedents document the vector clearly. In July 2025 the eslint-config-prettier maintainer entered npm credentials on `npmjs.help`; the attacker then published malicious versions (8.10.1, 9.1.1, 10.1.6 and 10.1.7, alongside related packages) whose install script dropped a Windows payload into a package with tens of millions of weekly downloads. In September 2025 the same lookalike domain was used against the maintainer of chalk, debug and related packages; 18 packages with a combined download count in the billions per week shipped a browser crypto-clipper before being pulled within hours. Earlier incidents with the same shape of account takeover or maintainer-side sabotage include coa/rc (Nov 2021, hijacked npm accounts), ctx on PyPI (2022, maintainer e-mail domain takeover), node-ipc (2022), xmldom (2022), and the colors.js / faker.js self-sabotage. Socket.dev, Snyk (State of Open Source Security 2026), Phylum and ReversingLabs all publish ongoing supply-chain telemetry that tracks maintainer-targeted campaigns.

Distinct from `slopsquatting-package-install-lure` (consumer-side, "install this typosquat name"), from `fake-github-gitlab-developer-account-security-phish` (generic dev-account compromise narrative), and from `fake-oauth-illicit-consent-grant-phish` (OAuth app consent rather than credentials).

Legitimate registry communications come exclusively from the registry's own domain: `npmjs.com`, `pypi.org`, `rubygems.org`, `crates.io`, `packagist.org`, `nuget.org`, `cocoapods.org`, `hex.pm`, and for Maven Central Sonatype's `central.sonatype.com`. Any publisher-security email whose sign-in link is hosted elsewhere should be treated as a phish regardless of what the From: header says: the sender address is trivially spoofed, the link host is the reliable tell. Go directly to the registry's account-security page via a bookmarked URL; never click the link in the email. If you maintain packages, enable hardware-backed 2FA (a FIDO2 security key) on every registry account, publish from CI with scoped short-lived tokens or the registry's trusted-publishing (OIDC) flow where it is offered (PyPI, RubyGems, npm, crates.io) rather than with your personal publish token, and review your package's version list after any suspicious mail. Each layer limits what a successful credential phish can do.
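The detection logic above, and the "link host is the tell" rule, as an added example (this is illustrative code written for this page, not Gorganizer's own signal implementation): identify which registry a mail claims to be from, which publisher-security narrative it uses, and whether any link or the sender leaves that registry's domains. The registry domain allowlist, the narrative regexes and the sample mails are assumptions constructed for the example; `npmjs.help` is the real 2025 lookalike, the other hosts are made up.

```python
"""Off-registry link check for package-registry publisher-security mail.
Added example, not Gorganizer's code."""
import re
from urllib.parse import urlparse

# Domains each registry (or its operator) legitimately mails from and links to.
# Assumption for this example; keep your own list current.
REGISTRY_DOMAINS = {
    "npm": {"npmjs.com", "npmjs.org"},
    "PyPI": {"pypi.org", "python.org"},
    "RubyGems": {"rubygems.org"},
    "crates.io": {"crates.io", "rust-lang.org"},
    "Packagist": {"packagist.org"},
    "NuGet": {"nuget.org"},
    "CocoaPods": {"cocoapods.org"},
    "Maven Central": {"sonatype.com", "sonatype.org", "maven.org"},
    "hex.pm": {"hex.pm", "hexdocs.pm"},
}
# How a mail names the registry, and the brand fragments a lookalike host reuses.
BRAND_RE = {
    "npm": r"\bnpm(js)?\b", "PyPI": r"\bpypi\b", "RubyGems": r"\brubygems\b",
    "crates.io": r"\bcrates\.io\b", "Packagist": r"\bpackagist\b", "NuGet": r"\bnuget\b",
    "CocoaPods": r"\bcocoapods\b", "Maven Central": r"\bmaven central\b|\bsonatype\b",
    "hex.pm": r"\bhex\.pm\b",
}
LOOKALIKE_TOKENS = {
    "npm": ("npm",), "PyPI": ("pypi",), "RubyGems": ("rubygems",), "crates.io": ("crates",),
    "Packagist": ("packagist",), "NuGet": ("nuget",), "CocoaPods": ("cocoapods",),
    "Maven Central": ("sonatype", "maven"), "hex.pm": ("hex",),
}
# The narrative shapes described on the page (constructed regexes, tune for your mail).
NARRATIVE_RE = {
    "2fa_reverify": r"(re-?verif\w*|confirm).{0,40}\b(2fa|two-?factor|mfa)\b"
                    r"|\b(2fa|two-?factor|mfa)\b.{0,40}(re-?verif|required|mandatory)",
    "token_rotation": r"(rotat\w*|regenerate).{0,40}\b(token|api key|credential)s?\b"
                      r"|\b(token|credential)s?\b.{0,40}(rotat|expir)",
    "unusual_publish": r"(unusual|suspicious|unrecognized|unauthori[sz]ed).{0,40}(publish|release|activity|login)",
    "credential_expiry": r"(credential|token|password|session)s?.{0,40}(expir(e|es|ing|ed)|invalid)",
    "ownership_verify": r"verify.{0,40}(ownership|identity|account)|(ownership|identity).{0,40}verif",
}
URL_RE = re.compile(r"https?://[^\s<>\"')\]]+")


def registrable_domain(host):
    """Last two labels of a hostname: 'www.npmjs.help' -> 'npmjs.help'.
    Heuristic only; use the Public Suffix List for co.uk-style suffixes."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def sender_domain(from_header):
    m = re.search(r"@([A-Za-z0-9.-]+)>?\s*$", from_header)
    return registrable_domain(m.group(1)) if m else ""


def impersonated_registry(text):
    """Registry named most often in the mail, or None if no registry is named."""
    counts = {r: len(re.findall(p, text, re.I)) for r, p in BRAND_RE.items()}
    best = max(counts, key=counts.get)
    return best if counts[best] else None


def analyze(mail):
    text = "\n".join((mail["from"], mail["subject"], mail["body"]))
    registry = impersonated_registry(text)
    narratives = [n for n, p in NARRATIVE_RE.items() if re.search(p, text, re.I | re.S)]
    allowed = REGISTRY_DOMAINS.get(registry, set())
    tokens = LOOKALIKE_TOKENS.get(registry, ())
    links = []
    for url in URL_RE.findall(mail["body"]):
        try:  # hostname drops userinfo tricks: 'npmjs.com@evil.example' -> evil.example
            host = (urlparse(url).hostname or "").lower()
        except ValueError:
            host = ""
        dom = registrable_domain(host)
        on_registry = dom in allowed
        links.append({"url": url, "domain": dom, "on_registry": on_registry,
                      "lookalike": not on_registry and any(t in host for t in tokens)})
    off_registry = [l for l in links if not l["on_registry"]]
    # The tell is the combination: a registry brand, a publisher-security story, and a
    # link that leaves the registry. The sender domain is spoofable, so it is reported
    # but never clears the mail on its own.
    phish = registry is not None and bool(narratives) and bool(off_registry)
    return {"registry": registry, "narratives": narratives, "links": links,
            "sender_on_registry": sender_domain(mail["from"]) in allowed,
            "verdict": "phish" if phish else "clean"}


# Constructed sample mails, not real messages; the lookalike hosts are illustrative.
SAMPLES = {
    "npm_phish": {
        "from": "npm Support <support@npmjs.help>",
        "subject": "Action required: re-verify your two-factor authentication",
        "body": "Under our new supply-chain protection policy, 2FA re-verification is required for "
                "all publishers within 48 hours.\nVerify now: https://www.npmjs.help/login?next=/settings/tfa",
    },
    "npm_legit": {  # same narrative, but every link stays on the registry's domain
        "from": "npm <support@npmjs.com>",
        "subject": "Two-factor authentication is now required to publish",
        "body": "Manage 2FA at https://www.npmjs.com/settings/example-user/tfa or read "
                "https://docs.npmjs.com/configuring-two-factor-authentication",
    },
    "pypi_phish": {  # spoofed From: passes the sender check; the link still gives it away
        "from": "PyPI Security <noreply@pypi.org>",
        "subject": "Unusual publish activity detected on your account",
        "body": "Under the mandatory token rotation policy your API tokens must be rotated within "
                "24 hours.\nRotate tokens: https://pypi.org.account-verify.example/manage/account/token",
    },
}

if __name__ == "__main__":
    for name, mail in SAMPLES.items():
        r = analyze(mail)
        print(f"{name}: {r['verdict']} registry={r['registry']} narratives={r['narratives']} "
              f"off-registry={[l['domain'] for l in r['links'] if not l['on_registry']]}")
```

Note that `npm_legit` matches a narrative regex and is still clean: the wording of a 2FA or token-rotation mail is not the signal, the off-registry link is. A legitimate mail that links to an unrelated documentation site would also trip this check, which is acceptable for a strong contributory signal that never decides a verdict on its own.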

False-positive guard

Every signal in Gorganizer feeds a multi-module score — never a sole verdict. This is a threat-tier signal — it adds a strong contribution to the trash score. The full pipeline still requires convergence across multiple modules + a margin over the safety floor before deletion happens, and Gmail's trash (30-day recovery) is always used — never permanent delete.

About the scoring engine

Gorganizer's scoring engine emits over 1,800 signals across six modules — headers, sender, subject, body, attachments, and structural metadata. Every email is scored by every module independently; the final verdict requires multiple modules to agree and the trash score to beat the safety floor by a margin.

Sacred safety guards — never delete starred emails, replies, calendar invites, receipts/invoices, or attachments — apply unconditionally regardless of any signal.

Ready to clean your inbox?

Gorganizer scans your Gmail with this signal and 1,800+ others, then cleans everything in one click. $4.99 one-time, no subscription.

Get started