CISA warns of trojanized versions of JavaScript library’s NPM package