Supply-Chain Attacks on Open Source Software: A Growing Threat
The past week has seen a surge in supply-chain attacks on open source software available in public repositories. Numerous developer accounts have been compromised, resulting in the distribution of malicious packages to unsuspecting users.
According to security firm Socket, the latest target is JavaScript code hosted on the npm repository