TL;DR: recent #npm supply chain attacks
🗓️ 26 Aug: #nx packages compromised, stealing SSH keys, npm tokens, and .gitconfig files. The malware also weaponized AI CLI tools 😱 and uploaded what it stole to a repo named #S1ngularity
HackerNews: https://news.ycombinator.com/item?id=45034496
GHSA-cxm3-wv7p-598c: https://github.com/nrwl/nx/security/advisories/GHSA-cxm3-wv7p-598c
🗓️ 8 Sep: #chalk, #debugjs and other packages by maintainer #qix (junon) compromised. They handled this very transparently 👍️
See:
HackerNews: https://news.ycombinator.com/item?id=45169794
CVE-2025-59144: https://github.com/advisories/GHSA-4x49-vf9v-38px