Microsoft's Role in NPM Supply Chain Security Risks and Historical Parallels
For enterprise software, the software supply chain presents some of the biggiest risks today to data privacy and security.
Read the full articleYou might also wanna read

Microsoft Details AsyncAPI npm Supply Chain Attack: Import-Time Malware Bypassed Traditional Defenses
Microsoft has released a comprehensive technical analysis of the recent AsyncAPI npm supply chain compromise, providing new insights into ho

September 2025 NPM supply-chain attack compromises popular JavaScript packages
In September 2025, the JavaScript ecosystem faced one of its most disruptive security events to date: a coordinated software supply-chain at
AWS well-architected best practices for software supply chain security
There have been multiple notable supply chain attacks using the npm Registry since September: Shai-Hulud, Chalk/Debug, one abusing tea.xyz t
npm Supply Chain Attack Exposes Private Repositories, AWS Credentials and More
npm supply chain attacks continue. This time targeting @ctrl/tinycolor and multiple other packages with credential stealer malware. In this
AWS well-architected framework best practices for software supply chain security
There have been multiple notable supply chain attacks using the npm Registry since September: Shai-Hulud, Chalk/Debug, one abusing tea.xyz t

NPM security: preventing supply chain attacks
In this post, I intend to unveil npm security practices and tooling available for you as a JavaScript developer (TypeScript developers are w

Comments
Sign in to join the conversation.
No comments yet. Be the first.