SANDWORM_MODE: Typosquatted npm Packages Used to Hijack CI Workflows