Original link: Trojanized jQuery Packages Spread via 'Complex' Supply Chain Attack / DarkReading.
As usual: be careful what to include in builds!!