
The Changelog shared a link post in group #Jozhe’s Podcasts

changelog.com
npm under siege (what to do about it) featuring Feross from Socket Security (Changelog & Friends #111)
Over the past two months, we’ve seen some of the most serious supply chain attacks in npm history: phishing campaigns, maintainer account takeovers, and malware published to packages with billions of
