I started a new open source project:

Multiocular shows what’s changed in your node_modules after dependency updates.

Right now it just shows a diff, but I have many ideas.

It is part of my long-running fight against Supply Chain Attacks.

https://github.com/multiocular-com/multiocular

Of course, the logo for the collective dependency audit project has to be the most beautiful and insane Cyrillic letter, the Multiocular O.

https://en.wikipedia.org/wiki/Cyrillic_O_variants#Multiocular_O

Over the past day I released several versions of Multiocular:

— Added support for viewing what changed in GitHub Actions when you update them
— Added support not only for my favourite pnpm, but also for npm, yarn 1, and yarn berry (bun support is welcome via PR)
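Added example (not from the original post or the Multiocular project) of the core idea in plain Python: snapshot a node_modules tree before and after an update, diff the two snapshots, and, going one step past the plain diff the post describes, flag any package.json that gained install-time scripts. The package name `tiny-pad`, its files and the `lifecycle_script_hits` check are constructed for illustration.

```python
import hashlib
import json
import tempfile
from pathlib import Path

def snapshot(root):
    """Map every file under root (POSIX relative path) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def diff_manifests(before, after):
    """Added / removed / changed paths between two snapshots."""
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "changed": sorted(p for p in set(before) & set(after) if before[p] != after[p]),
    }

def lifecycle_script_hits(diff, after_root):
    """New or changed package.json files that now carry install-time scripts (hypothetical check)."""
    hits = []
    for rel in diff["added"] + diff["changed"]:
        if rel.endswith("package.json"):
            scripts = json.loads((Path(after_root) / rel).read_text()).get("scripts", {})
            if any(k in scripts for k in ("preinstall", "install", "postinstall")):
                hits.append(rel)
    return hits

def _write_tree(root, files):
    for rel, content in files.items():
        p = Path(root) / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text(content)

def demo():
    """Constructed before/after trees for a made-up package 'tiny-pad' (sample data, not a real package)."""
    before = {"tiny-pad/package.json": json.dumps({"name": "tiny-pad", "version": "1.0.0"}),
              "tiny-pad/index.js": "module.exports = (s, n) => s.padStart(n);\n"}
    after = dict(before)  # index.js is unchanged, so it must not appear in the diff
    after["tiny-pad/package.json"] = json.dumps({"name": "tiny-pad", "version": "1.0.1",
                                                "scripts": {"postinstall": "node setup.js"}})
    after["tiny-pad/setup.js"] = "// file that did not exist before the update\n"
    with tempfile.TemporaryDirectory() as a, tempfile.TemporaryDirectory() as b:
        _write_tree(a, before); _write_tree(b, after)
        d = diff_manifests(snapshot(a), snapshot(b))
        return d, lifecycle_script_hits(d, b)
```

Point `snapshot` at a real `node_modules` before and after `pnpm update` to get the same kind of report on your own tree.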

Don’t get why you should worry about hacks from node_modules?

Just 2 days ago, nx (140M monthly downloads) was hacked via CI, stealing access keys from 1,300 users.

To bypass checks, the attackers even used the victim’s own LLM.

https://www.stepsecurity.io/blog/supply-chain-security-alert-popular-nx-build-system-package-compromised-with-data-stealing-malware

@sitnik_en AI prompt antivirus when