A two-year campaign quietly flooded npm with 43,000 dormant packages, exposing major supply-chain security gaps.
First seen on esecurityplanet.com
Jump to article: www.esecurityplanet.com/threats/how-43000-npm-spam-packages-hid-in-plain-sight-for-two-years/

