When `npm install` Drains Your Wallet: A Bitcoin-Grade Defense Playbook for the Supply Chain Worm Era

Learn how the CanisterWorm and the trojanized Bitwarden CLI now scrape Bitcoin wallet files straight off your dev laptop, and how to enforce hardware separation, signed releases, and a no-secrets-on-host workflow before the next poisoned package hits.