On the recent npm supply chain compromise
Hey friends, I know some of you use static site generators. Just in case you missed it, there’s a serious npm compromise. CISA reports a self-replicating worm (“Shai-Hulud”) has hit over 500 npm packages.
Jim Nielsen has a good write-up: The Risks of NPM.
For my own site: it hasn’t been compromised. I’ve pinned all npm dependencies to safe versions released before Sept 16, 2025.