• #meta 2025-07-26
  • Prev
    Next
  • #indieweb
  • #dev
  • #wordpress
  • #meta
  • #stream
  • #microformats
  • #known
  • #events
#meta ≡
  • ←
  • →
2025-07-26 UTC
# 13:13
[tantek] npm << Criticism: frequently subject to supply chain attacks, so if you regularly auto-update your full dependency tree of packages, you're likely to get hit eventually with something like these: 2025-07-22: https://socket.dev/blog/npm-is-package-hijacked-in-expanding-supply-chain-attack and 2025-07-24: https://www.bleepingcomputer.com/news/security/hackers-breach-toptal-github-account-publish-malicious-npm-packages/