
314 npm packages hit in new supply chain attack campaign
Hacker News·1mo·theanonymousone
A coordinated attack compromised over 300 npm packages in what researchers are calling "Mini Shai-Hulud," marking a serious escalation in npm ecosystem security. For developers pulling dependencies into production, this underscores the ongoing risk of trusting package registries without additional verification—especially for smaller, less-monitored packages that may slip through standard security checks.
Original story
Read the original on Hacker NewsRelated stories
AI
HYVE Ether OS goes on pre-sale: a $499 sovereign AI operating system you actually ownVibe Software Solutions·1mo·Anthony S. Owens
