Fake CVE exploit repos pull frint and skytext packages to steal researcher credentials, with servers still live as of July 1.
For documentation see MODULARIZATION.md. You should not expose these access tokens in publicly-accessible source code where unauthorized users might find them. Instead, you should store them somewhere ...