XZ Redux? Social engineering attacks on OSS intercepted

"These emails implored OpenJS to take action to update one of its popular JavaScript projects to ‘address any critical vulnerabilities'"