Another npm supply chain attack. Hopefully npm will add measures to make installing ...

Why Nostr? What is Njump? Join Nostr

Axel Rauschmayer

npub10f…ardvy

2025-09-16 00:05:34 UTC

Another npm supply chain attack. Hopefully npm will add measures to make installing packages safe(r) again. pnpm has already added one (*).
https://socket.dev/blog/tinycolor-supply-chain-attack-affects-40-packages

(*) https://github.com/pnpm/pnpm/releases/tag/v10.16.0

Author Public Key

npub10faqj7xvgmhhl42glvf9u5wqfhnafjnrjst6yx6k4227xugupvuqzardvy

Seen on

wss://relay.momostr.pink

Show more details