In early November 2021, the developer accounts of popular NPM packages coa (over 8 million weekly downloads) and rc (over 14 million weekly downloads) were hijacked, allowing attackers to publish malicious versions that downloaded and installed a version of the Qakbot trojan.
This attack is similar to the ua-parser-js attack.
The coa breach was spotted after build pipelines began crashing, prompting an investigation from NPM. The rc breach was discovered later the same day. Due to the extent of use of both libraries and the fact that the malicious code caused pipelines to fail in some environments, the breaches were spotted quite early (the GitHub thread for coa indicates it was opened 10 minutes after the release). A more sophisticated, "silent" attack along the same vector could have resulted in far more damage.
These attacks was carried out by someone posing as the respective maintainers, and therefore can be classified as "Malicious Maintainer".