Tag: package security


  • Anatomy of the September 2025 npm Supply-Chain Attack

    Introduction: On September 8, 2025, the Node.js ecosystem faced one of the largest supply-chain attacks in npm history. Popular packages like debug and chalk were temporarily compromised, and malicious versions of them were published. Given their massive adoption, this incident raised alarms across the open-source community. Although the malicious packages were live for only about two hours,…