It seems there is a spike in malicious repositories being uploaded to bitbucket servers. I wish to add another to the list.
Repository: https://bitbucket.org/lyntrex/trading-view
1. npm lifecycle hook (package.json line 62) - Executes malicious server code during npm install
2. VSCode/Cursor auto-run task (.vscode/tasks.json) - Auto-executes when folder is opened in VSCode/Cursor
3. Obfuscated backdoor (.vscode/spellright.dict) - 3,824 bytes of heavily obfuscated JavaScript
