Largest NPM Compromise in History - Supply Chain Attack
https://www.reddit.com/r/programming/comments/1nbqt4d/largest_npm_compromise_in_history_supply_chain/
<!-- SC_OFF -->Hey Everyone We just discovered that around 1 hour ago packages with a total of 2 billion weekly downloads on npm were compromised all belonging to one developer https://www.npmjs.com/~qix ansi-styles (371.41m downloads per week)
debug (357.6m downloads per week)
backslash (0.26m downloads per week)
chalk-template (3.9m downloads per week)
supports-hyperlinks (19.2m downloads per week)
has-ansi (12.1m downloads per week)
simple-swizzle (26.26m downloads per week)
color-string (27.48m downloads per week)
error-ex (47.17m downloads per week)
color-name (191.71m downloads per week)
is-arrayish (73.8m downloads per week)
slice-ansi (59.8m downloads per week)
color-convert (193.5m downloads per week)
wrap-ansi (197.99m downloads per week)
ansi-regex (243.64m downloads per week)
supports-color (287.1m downloads per week)
strip-ansi (261.17m downloads per week)
chalk (299.99m downloads per week) The compromises all stem from a core developers NPM account getting taken over from a phishing campaign The malware itself, luckily, looks like its mostly intrested in crypto at the moment so its impact is smaller than if they had installed a backdoor for example. How the Malware Works (Step by Step) Injects itself into the browser Hooks core functions like fetch, XMLHttpRequest, and wallet APIs (window.ethereum, Solana, etc.). Ensures it can intercept both web traffic and wallet activity. Watches for sensitive data Scans network responses and transaction payloads for anything that looks like a wallet address or transfer. Recognizes multiple formats across Ethereum, Bitcoin, Solana, Tron, Litecoin, and Bitcoin Cash. Rewrites the targets Replaces the legitimate destination with an attacker-controlled address. Uses “lookalike” addresses (via string-matching) to make swaps less obvious. Hijacks transactions before they’re signed Alters Ethereum and Solana transaction parameters (e.g., recipients, approvals, allowances). Even if the UI looks correct, the signed transaction routes funds to the attacker. Stays stealthy If a crypto wallet is detected, it avoids obvious swaps in the UI to reduce suspicion. Keeps silent hooks running in the background to capture and alter real transactions Our blog is being dynamically updated - https://www.aikido.dev/blog/npm-debug-and-chalk-packages-compromised <!-- SC_ON --> submitted by /u/Advocatemack (https://www.reddit.com/user/Advocatemack)
[link] (https://www.aikido.dev/blog/npm-debug-and-chalk-packages-compromised) [comments] (https://www.reddit.com/r/programming/comments/1nbqt4d/largest_npm_compromise_in_history_supply_chain/)
https://www.reddit.com/r/programming/comments/1nbqt4d/largest_npm_compromise_in_history_supply_chain/
<!-- SC_OFF -->Hey Everyone We just discovered that around 1 hour ago packages with a total of 2 billion weekly downloads on npm were compromised all belonging to one developer https://www.npmjs.com/~qix ansi-styles (371.41m downloads per week)
debug (357.6m downloads per week)
backslash (0.26m downloads per week)
chalk-template (3.9m downloads per week)
supports-hyperlinks (19.2m downloads per week)
has-ansi (12.1m downloads per week)
simple-swizzle (26.26m downloads per week)
color-string (27.48m downloads per week)
error-ex (47.17m downloads per week)
color-name (191.71m downloads per week)
is-arrayish (73.8m downloads per week)
slice-ansi (59.8m downloads per week)
color-convert (193.5m downloads per week)
wrap-ansi (197.99m downloads per week)
ansi-regex (243.64m downloads per week)
supports-color (287.1m downloads per week)
strip-ansi (261.17m downloads per week)
chalk (299.99m downloads per week) The compromises all stem from a core developers NPM account getting taken over from a phishing campaign The malware itself, luckily, looks like its mostly intrested in crypto at the moment so its impact is smaller than if they had installed a backdoor for example. How the Malware Works (Step by Step) Injects itself into the browser Hooks core functions like fetch, XMLHttpRequest, and wallet APIs (window.ethereum, Solana, etc.). Ensures it can intercept both web traffic and wallet activity. Watches for sensitive data Scans network responses and transaction payloads for anything that looks like a wallet address or transfer. Recognizes multiple formats across Ethereum, Bitcoin, Solana, Tron, Litecoin, and Bitcoin Cash. Rewrites the targets Replaces the legitimate destination with an attacker-controlled address. Uses “lookalike” addresses (via string-matching) to make swaps less obvious. Hijacks transactions before they’re signed Alters Ethereum and Solana transaction parameters (e.g., recipients, approvals, allowances). Even if the UI looks correct, the signed transaction routes funds to the attacker. Stays stealthy If a crypto wallet is detected, it avoids obvious swaps in the UI to reduce suspicion. Keeps silent hooks running in the background to capture and alter real transactions Our blog is being dynamically updated - https://www.aikido.dev/blog/npm-debug-and-chalk-packages-compromised <!-- SC_ON --> submitted by /u/Advocatemack (https://www.reddit.com/user/Advocatemack)
[link] (https://www.aikido.dev/blog/npm-debug-and-chalk-packages-compromised) [comments] (https://www.reddit.com/r/programming/comments/1nbqt4d/largest_npm_compromise_in_history_supply_chain/)
Color NPM Package Compromised
https://www.reddit.com/r/programming/comments/1nbv9w3/color_npm_package_compromised/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://fasterthanli.me/articles/color-npm-package-compromised) [comments] (https://www.reddit.com/r/programming/comments/1nbv9w3/color_npm_package_compromised/)
https://www.reddit.com/r/programming/comments/1nbv9w3/color_npm_package_compromised/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://fasterthanli.me/articles/color-npm-package-compromised) [comments] (https://www.reddit.com/r/programming/comments/1nbv9w3/color_npm_package_compromised/)
Firefox 32-bit Linux Support to End in 2026
https://www.reddit.com/r/programming/comments/1nbv9xc/firefox_32bit_linux_support_to_end_in_2026/
submitted by /u/Doniisthemaindog (https://www.reddit.com/user/Doniisthemaindog)
[link] (https://blog.mozilla.org/futurereleases/2025/09/05/firefox-32-bit-linux-support-to-end-in-2026/) [comments] (https://www.reddit.com/r/programming/comments/1nbv9xc/firefox_32bit_linux_support_to_end_in_2026/)
https://www.reddit.com/r/programming/comments/1nbv9xc/firefox_32bit_linux_support_to_end_in_2026/
submitted by /u/Doniisthemaindog (https://www.reddit.com/user/Doniisthemaindog)
[link] (https://blog.mozilla.org/futurereleases/2025/09/05/firefox-32-bit-linux-support-to-end-in-2026/) [comments] (https://www.reddit.com/r/programming/comments/1nbv9xc/firefox_32bit_linux_support_to_end_in_2026/)
A complete map of the Rust type system
https://www.reddit.com/r/programming/comments/1nbvabp/a_complete_map_of_the_rust_type_system/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://rustcurious.com/elements/) [comments] (https://www.reddit.com/r/programming/comments/1nbvabp/a_complete_map_of_the_rust_type_system/)
https://www.reddit.com/r/programming/comments/1nbvabp/a_complete_map_of_the_rust_type_system/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://rustcurious.com/elements/) [comments] (https://www.reddit.com/r/programming/comments/1nbvabp/a_complete_map_of_the_rust_type_system/)
The Key Points of Working Effectively with Legacy Code
https://www.reddit.com/r/programming/comments/1nbvb12/the_key_points_of_working_effectively_with_legacy/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://understandlegacycode.com/blog/key-points-of-working-effectively-with-legacy-code/) [comments] (https://www.reddit.com/r/programming/comments/1nbvb12/the_key_points_of_working_effectively_with_legacy/)
https://www.reddit.com/r/programming/comments/1nbvb12/the_key_points_of_working_effectively_with_legacy/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://understandlegacycode.com/blog/key-points-of-working-effectively-with-legacy-code/) [comments] (https://www.reddit.com/r/programming/comments/1nbvb12/the_key_points_of_working_effectively_with_legacy/)
Hashed sorting is typically faster than hash tables
https://www.reddit.com/r/programming/comments/1nbvchv/hashed_sorting_is_typically_faster_than_hash/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://reiner.org/hashed-sorting) [comments] (https://www.reddit.com/r/programming/comments/1nbvchv/hashed_sorting_is_typically_faster_than_hash/)
https://www.reddit.com/r/programming/comments/1nbvchv/hashed_sorting_is_typically_faster_than_hash/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://reiner.org/hashed-sorting) [comments] (https://www.reddit.com/r/programming/comments/1nbvchv/hashed_sorting_is_typically_faster_than_hash/)
Everything is a []u8
https://www.reddit.com/r/programming/comments/1nbvest/everything_is_a_u8/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://www.openmymind.net/Everything-Is-A-u8-array/) [comments] (https://www.reddit.com/r/programming/comments/1nbvest/everything_is_a_u8/)
https://www.reddit.com/r/programming/comments/1nbvest/everything_is_a_u8/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://www.openmymind.net/Everything-Is-A-u8-array/) [comments] (https://www.reddit.com/r/programming/comments/1nbvest/everything_is_a_u8/)
Writing Code Is Easy. Reading It Isn't
https://www.reddit.com/r/programming/comments/1nbvfcs/writing_code_is_easy_reading_it_isnt/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://idiallo.com/blog/writing-code-is-easy-reading-is-hard) [comments] (https://www.reddit.com/r/programming/comments/1nbvfcs/writing_code_is_easy_reading_it_isnt/)
https://www.reddit.com/r/programming/comments/1nbvfcs/writing_code_is_easy_reading_it_isnt/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://idiallo.com/blog/writing-code-is-easy-reading-is-hard) [comments] (https://www.reddit.com/r/programming/comments/1nbvfcs/writing_code_is_easy_reading_it_isnt/)
No Silver Bullet: Essence and Accidents of Software Engineering (1986) [pdf]
https://www.reddit.com/r/programming/comments/1nbvh5t/no_silver_bullet_essence_and_accidents_of/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://www.cs.unc.edu/techreports/86-020.pdf) [comments] (https://www.reddit.com/r/programming/comments/1nbvh5t/no_silver_bullet_essence_and_accidents_of/)
https://www.reddit.com/r/programming/comments/1nbvh5t/no_silver_bullet_essence_and_accidents_of/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://www.cs.unc.edu/techreports/86-020.pdf) [comments] (https://www.reddit.com/r/programming/comments/1nbvh5t/no_silver_bullet_essence_and_accidents_of/)
Forty-Four Esolangs: The Art of Esoteric Code
https://www.reddit.com/r/programming/comments/1nbvhnx/fortyfour_esolangs_the_art_of_esoteric_code/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://spectrum.ieee.org/esoteric-programming-languages-daniel-temkin) [comments] (https://www.reddit.com/r/programming/comments/1nbvhnx/fortyfour_esolangs_the_art_of_esoteric_code/)
https://www.reddit.com/r/programming/comments/1nbvhnx/fortyfour_esolangs_the_art_of_esoteric_code/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://spectrum.ieee.org/esoteric-programming-languages-daniel-temkin) [comments] (https://www.reddit.com/r/programming/comments/1nbvhnx/fortyfour_esolangs_the_art_of_esoteric_code/)
Keeping secrets out of logs
https://www.reddit.com/r/programming/comments/1nbvi5u/keeping_secrets_out_of_logs/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://allan.reyes.sh/posts/keeping-secrets-out-of-logs/) [comments] (https://www.reddit.com/r/programming/comments/1nbvi5u/keeping_secrets_out_of_logs/)
https://www.reddit.com/r/programming/comments/1nbvi5u/keeping_secrets_out_of_logs/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://allan.reyes.sh/posts/keeping-secrets-out-of-logs/) [comments] (https://www.reddit.com/r/programming/comments/1nbvi5u/keeping_secrets_out_of_logs/)
The Expression Problem and its solutions
https://www.reddit.com/r/programming/comments/1nbvifp/the_expression_problem_and_its_solutions/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://eli.thegreenplace.net/2016/the-expression-problem-and-its-solutions) [comments] (https://www.reddit.com/r/programming/comments/1nbvifp/the_expression_problem_and_its_solutions/)
https://www.reddit.com/r/programming/comments/1nbvifp/the_expression_problem_and_its_solutions/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://eli.thegreenplace.net/2016/the-expression-problem-and-its-solutions) [comments] (https://www.reddit.com/r/programming/comments/1nbvifp/the_expression_problem_and_its_solutions/)
Algebraic Effects in Practice with Flix
https://www.reddit.com/r/programming/comments/1nbviq4/algebraic_effects_in_practice_with_flix/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://www.relax.software/blog/flix-effects-intro/) [comments] (https://www.reddit.com/r/programming/comments/1nbviq4/algebraic_effects_in_practice_with_flix/)
https://www.reddit.com/r/programming/comments/1nbviq4/algebraic_effects_in_practice_with_flix/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://www.relax.software/blog/flix-effects-intro/) [comments] (https://www.reddit.com/r/programming/comments/1nbviq4/algebraic_effects_in_practice_with_flix/)
Hitting Peak File IO Performance with Zig
https://www.reddit.com/r/programming/comments/1nbvjga/hitting_peak_file_io_performance_with_zig/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://steelcake.com/blog/nvme-zig/) [comments] (https://www.reddit.com/r/programming/comments/1nbvjga/hitting_peak_file_io_performance_with_zig/)
https://www.reddit.com/r/programming/comments/1nbvjga/hitting_peak_file_io_performance_with_zig/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://steelcake.com/blog/nvme-zig/) [comments] (https://www.reddit.com/r/programming/comments/1nbvjga/hitting_peak_file_io_performance_with_zig/)
Emulating Rust's Result and ? in Jai with Metaprogramming
https://www.reddit.com/r/programming/comments/1nbvji6/emulating_rusts_result_and_in_jai_with/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://jamesoswald.dev/posts/jai-result/) [comments] (https://www.reddit.com/r/programming/comments/1nbvji6/emulating_rusts_result_and_in_jai_with/)
https://www.reddit.com/r/programming/comments/1nbvji6/emulating_rusts_result_and_in_jai_with/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://jamesoswald.dev/posts/jai-result/) [comments] (https://www.reddit.com/r/programming/comments/1nbvji6/emulating_rusts_result_and_in_jai_with/)
Resources, Laziness, and Continuation-Passing Style
https://www.reddit.com/r/programming/comments/1nbvjjk/resources_laziness_and_continuationpassing_style/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://journal.infinitenegativeutility.com/resources-laziness-and-continuation-passing-style) [comments] (https://www.reddit.com/r/programming/comments/1nbvjjk/resources_laziness_and_continuationpassing_style/)
https://www.reddit.com/r/programming/comments/1nbvjjk/resources_laziness_and_continuationpassing_style/
submitted by /u/ketralnis (https://www.reddit.com/user/ketralnis)
[link] (https://journal.infinitenegativeutility.com/resources-laziness-and-continuation-passing-style) [comments] (https://www.reddit.com/r/programming/comments/1nbvjjk/resources_laziness_and_continuationpassing_style/)
Java 21 ⮕ 25: Performance and Runtime Enhancements #RoadTo25
https://www.reddit.com/r/programming/comments/1ncae0y/java_21_25_performance_and_runtime_enhancements/
submitted by /u/BlueGoliath (https://www.reddit.com/user/BlueGoliath)
[link] (https://www.youtube.com/watch?v=renTMvh51iM) [comments] (https://www.reddit.com/r/programming/comments/1ncae0y/java_21_25_performance_and_runtime_enhancements/)
https://www.reddit.com/r/programming/comments/1ncae0y/java_21_25_performance_and_runtime_enhancements/
submitted by /u/BlueGoliath (https://www.reddit.com/user/BlueGoliath)
[link] (https://www.youtube.com/watch?v=renTMvh51iM) [comments] (https://www.reddit.com/r/programming/comments/1ncae0y/java_21_25_performance_and_runtime_enhancements/)
Can a tiny server running FastAPI/SQLite survive the hug of death?
https://www.reddit.com/r/programming/comments/1ncan42/can_a_tiny_server_running_fastapisqlite_survive/
<!-- SC_OFF -->I run tiny indie apps on a Linux box. On a good day, I get ~300 visitors. But what if I hit a lot of traffic? Could my box survive the hug of death? So I load tested it: Reads? 100 RPS with no errors. Writes? Fine after enabling WAL. Search? Broke… until I switched to SQLite FTS5. <!-- SC_ON --> submitted by /u/IntelligentHope9866 (https://www.reddit.com/user/IntelligentHope9866)
[link] (https://rafaelviana.com/posts/hug-of-death) [comments] (https://www.reddit.com/r/programming/comments/1ncan42/can_a_tiny_server_running_fastapisqlite_survive/)
https://www.reddit.com/r/programming/comments/1ncan42/can_a_tiny_server_running_fastapisqlite_survive/
<!-- SC_OFF -->I run tiny indie apps on a Linux box. On a good day, I get ~300 visitors. But what if I hit a lot of traffic? Could my box survive the hug of death? So I load tested it: Reads? 100 RPS with no errors. Writes? Fine after enabling WAL. Search? Broke… until I switched to SQLite FTS5. <!-- SC_ON --> submitted by /u/IntelligentHope9866 (https://www.reddit.com/user/IntelligentHope9866)
[link] (https://rafaelviana.com/posts/hug-of-death) [comments] (https://www.reddit.com/r/programming/comments/1ncan42/can_a_tiny_server_running_fastapisqlite_survive/)
Signal Secure Backups
https://www.reddit.com/r/programming/comments/1ncb4hj/signal_secure_backups/
submitted by /u/cheerfulboy (https://www.reddit.com/user/cheerfulboy)
[link] (https://signal.org/blog/introducing-secure-backups/) [comments] (https://www.reddit.com/r/programming/comments/1ncb4hj/signal_secure_backups/)
https://www.reddit.com/r/programming/comments/1ncb4hj/signal_secure_backups/
submitted by /u/cheerfulboy (https://www.reddit.com/user/cheerfulboy)
[link] (https://signal.org/blog/introducing-secure-backups/) [comments] (https://www.reddit.com/r/programming/comments/1ncb4hj/signal_secure_backups/)
Incident Report for Anthropic
https://www.reddit.com/r/programming/comments/1ncb4wu/incident_report_for_anthropic/
submitted by /u/cheerfulboy (https://www.reddit.com/user/cheerfulboy)
[link] (https://status.anthropic.com/incidents/72f99lh1cj2c) [comments] (https://www.reddit.com/r/programming/comments/1ncb4wu/incident_report_for_anthropic/)
https://www.reddit.com/r/programming/comments/1ncb4wu/incident_report_for_anthropic/
submitted by /u/cheerfulboy (https://www.reddit.com/user/cheerfulboy)
[link] (https://status.anthropic.com/incidents/72f99lh1cj2c) [comments] (https://www.reddit.com/r/programming/comments/1ncb4wu/incident_report_for_anthropic/)
chalk + debug just got owned on npm… and honestly, this is the nightmare I’ve been expecting
https://www.reddit.com/r/programming/comments/1nccr9m/chalk_debug_just_got_owned_on_npm_and_honestly/
<!-- SC_OFF -->I’ve been around long enough to remember event-stream in 2018, ua-parser-js in 2021, all those “oh crap” moments when a dependency we trusted turned toxic overnight. And now.....?? it's chalk and debug. Two of the most boring, everyday libraries in the JS world.
One phishing email → maintainer creds stolen → new versions published → hidden payload inside.
And here’s the kicker: it didn’t break anything. While the tests, passed.. CI was green... linters, dead silent. We all would’ve shipped it, no questions asked. The payload was nasty but clever for sure... obfuscated code scanning for wallet addresses, swapping them with lookalikes tied to the attacker. So your log-coloring library suddenly moonlights as a crypto thief. That’s what makes my stomach drop. Because as a dev, the workflow is designed to trust the green checkmarks. And yesterday proved those green checks mean nothing when the foundation is poisoned upstream. We love to say “keep dependencies updated.” But that advice is starting to feel like a joke. Updating blindly is how you pull this crap straight into prod. What’s the fix? Honestly, I don’t have a silver bullet. But I know this: Pipelines need context, not just pass/fail. If debug starts calling window.ethereum, something should scream. Security can’t be “some team’s job.” It has to live inside the same workflow where we merge PRs. And maybe we stop pretending that npm install is ever “safe” without deeper inspection. This isnt a weird edge case. It’s the pattern now. And if we don’t adapt, we’ll just keep rolling the dice until the next dependency burns us in production. Anyone else feel like we’re building faster than we can secure the ground under us? <!-- SC_ON --> submitted by /u/divson1319 (https://www.reddit.com/user/divson1319)
[link] (https://www.codeant.ai/blogs/npm-chalk-debug-supply-chain-attack) [comments] (https://www.reddit.com/r/programming/comments/1nccr9m/chalk_debug_just_got_owned_on_npm_and_honestly/)
https://www.reddit.com/r/programming/comments/1nccr9m/chalk_debug_just_got_owned_on_npm_and_honestly/
<!-- SC_OFF -->I’ve been around long enough to remember event-stream in 2018, ua-parser-js in 2021, all those “oh crap” moments when a dependency we trusted turned toxic overnight. And now.....?? it's chalk and debug. Two of the most boring, everyday libraries in the JS world.
One phishing email → maintainer creds stolen → new versions published → hidden payload inside.
And here’s the kicker: it didn’t break anything. While the tests, passed.. CI was green... linters, dead silent. We all would’ve shipped it, no questions asked. The payload was nasty but clever for sure... obfuscated code scanning for wallet addresses, swapping them with lookalikes tied to the attacker. So your log-coloring library suddenly moonlights as a crypto thief. That’s what makes my stomach drop. Because as a dev, the workflow is designed to trust the green checkmarks. And yesterday proved those green checks mean nothing when the foundation is poisoned upstream. We love to say “keep dependencies updated.” But that advice is starting to feel like a joke. Updating blindly is how you pull this crap straight into prod. What’s the fix? Honestly, I don’t have a silver bullet. But I know this: Pipelines need context, not just pass/fail. If debug starts calling window.ethereum, something should scream. Security can’t be “some team’s job.” It has to live inside the same workflow where we merge PRs. And maybe we stop pretending that npm install is ever “safe” without deeper inspection. This isnt a weird edge case. It’s the pattern now. And if we don’t adapt, we’ll just keep rolling the dice until the next dependency burns us in production. Anyone else feel like we’re building faster than we can secure the ground under us? <!-- SC_ON --> submitted by /u/divson1319 (https://www.reddit.com/user/divson1319)
[link] (https://www.codeant.ai/blogs/npm-chalk-debug-supply-chain-attack) [comments] (https://www.reddit.com/r/programming/comments/1nccr9m/chalk_debug_just_got_owned_on_npm_and_honestly/)