Just read:

Software packages with more than 2 billion weekly downloads hit in supply-chain attack
Incident hitting npm users is likely the biggest supply-chain attack ever.
arstechnica.com

npm Author Qix Compromised via Phishing Email in Major Suppl...
npm author Qix’s account was compromised, with malicious versions of popular packages like chalk-template, color-convert, and strip-ansi published.
socket.dev
These articles include a list of affected software. Other packages may possibly be affected as well, depending on the affected NPM packages.