Security companies flagged [email protected] and 0.30.4 as compromised, urging credential rotation and rollback of affected packages.