GitHub supply chain attack cloned thousands of projects to trap unwary
NPM security: preventing supply chain attacks | Snyk
Malicious NPM Packages Target German Companies in Supply Chain Attack
No Unaccompanied Miners: Supply Chain Compromises Through Node.js Packages | Mandiant
A Popular npm Library Compromised in a Supply Chain Attack: What to Do
Attacks on Open Source Supply Chains: How Hackers Poison the Well | SAP Blogs
BleepingComputer: NPM supply-chain attack impacts hundreds of websites and apps
A new type of supply-chain attack with serious consequences is flourishing | Ars Technica
NPM supply chain attack - Wipes your disk if you have a Russian/Byelorussian IP : r/node
Update: IconBurst NPM software supply chain attack grabs data from apps and websites
Popular npm Project Used by Millions Hijacked in Supply-Chain Attack
npm Supply Chain Attack Targeting Germany-Based Companies
Dev corrupts NPM libs 'colors' and 'faker' breaking thousands of apps
Grayhat pollutes npm, PyPI with thousands of fake supply chain dependencies - Security Report
CrowdStrike Customers Protected From Compromised NPM Package
Researcher hacks over 35 tech firms in novel supply chain attack
NPM Packages Used In A Supply Chain Attack - SOCRadar® Cyber Intelligence Inc.
Preventing the Next Package Manager Supply Chain Attack - Garantir
Silicon Angle: Supply chain attack uses malicious NPM packages to steal data
NPM supply-chain attack impacts hundreds of websites and apps
npm Supply Chain Attack Targeting Germany-Based Companies
Data study reveals predictors of supply chain attacks in NPM repositories | The Daily Swig
How to avoid NPM supply chain attacks. | by michael sorensen | ITNEXT
Lessons Learned from 2021 Software Supply Chain Attacks - The New Stack
