May 20, 2026

How an npm Supply Chain Attack Poisoned 600 Packages

Over 600 software packages got poisoned in a single hour in the latest wave of the Shai-Hulud npm supply chain attack — and this time, the malware can forge the security badges developers trust to verify safe code. The npm supply chain attack represents a sharp escalation from a campaign that first emerged last September and has steadily grown more
