Someone compromised SAP's NPM packages and used the CI pipeline against itself