Threat actors phished Qix’s NPM account, then used their access to publish poisoned versions of 18 popular open-source packages accounting for more than 2 billion weekly downloads.
First seen on darkreading.com
Jump to article: www.darkreading.com/application-security/huge-npm-supply-chain-attack-whimper
