Threat actors continue to upload malicious packages to the npm registry in order to tamper with existing local versions of legitimate libraries and thereby execute malicious code, in what is seen as a stealthier attempt to stage a software supply chain attack. The newly discovered package, named pdf-to-office, masquerades as a utility for converting PDF files to Microsoft Word documents. However, in
