RC RANDOM CHAOS

package compromise

2 posts

npm registry shipped 314 compromised packages
Article

npm registry shipped 314 compromised packages

314 npm packages were compromised because the consumer install path does not verify publisher identity. The boundary failed at install, not registry.

npm was never a trust boundary
Article

npm was never a trust boundary

Technical analysis of the Shai-Hulud npm supply chain attack hitting 314 packages including echarts-for-react, size-sensor, and timeago.js.