The package was not the prize.
That is the useful way to read TeamPCP and Vect. The poisoned tooling matters, but only because of what it can touch: CI/CD tokens, GitHub PATs, cloud keys, Kubernetes secrets, release credentials, and the other non-human access most teams do not fully inventory until something is already on fire.
The easy story is package compromise. The harder story is access production.
A malicious package can be removed. A credential harvested from the build path can keep creating risk long after the incident looks closed. That is why “cleanup” and “containment” are not the same word, even if a dashboard would very much like them to be.
Read the full AlphaHunt analysis.