🚨 NPM supply-chain compromise: over 2B weekly downloads impacted

@aikidosecurity reports that popular #packages maintained by #qix (including #chalk, #debug, #ansistyles, #supportscolor, and others) were compromised.

These packages are deeply embedded in the #Node.js #ecosystem, used by frameworks, build tools, and apps worldwide.

Meh…. 🫤 supply-chain security isn’t optional.

#sbom ?
- Audit dependencies regularly
- Pin versions where possible
- Monitor advisories and lockfile integrity

Source: https://www.aikido.dev/blog/npm-debug-and-chalk-packages-compromised

#infosec