Poisoned Packages: Auditing the NPM Supply Chain
The Attack That Targeted the Supply Chain
The npm ecosystem faced what security researchers call a watershed moment in September 2025 when a self-replicating worm, dubbed "Shai-Hulud," compromised over 500 packages. Named after the massive sandworms ...
cyber365.hashnode.dev · 3 min read