Blog & Newsletter

Stay updated with our latest articles, insights, and newsletter updates from the raclette team.

Blog Article

How-To Secure Your npm Dependencies

Why this matters: npm is the Node.js third-party library ecosystem. For better and worse, it is bigger and more technically advanced than most. But because Node.js is so ubiquitous on the internet, just from sheer scale it has problems most other programming platforms don't have to deal with. It is both ...

Blog Article

Npm Supply Chain Attacks and Our Approach with raclette

What happened? In mid-September 2025, the largest supply chain attack in npm's history was discovered. It was named Shai-Hulud. Attackers compromised popular npm packages and introduced malware that spread automatically, with the goal of stealing developers' GitHub tokens to reproduce itself. There a...