
erronis

(22,177 posts)
2. Thanks for this notice. This NPM-style poisoning is rampant in the software development world.
Wed Nov 26, 2025, 06:17 PM

Any public and minimally-controlled repositories are subject to these attacks. I've seen a lot in the python world but I imagine it exists almost everywhere.

These infections can lie dormant for a long time in well-used software applications. Supply chain software is a favorite target.

And the US gov't is destroying our abilities to react...
