
314 npm packages hit in new supply chain attack campaign
Hacker News·5d·theanonymousone
A coordinated attack compromised over 300 npm packages in what researchers are calling "Mini Shai-Hulud," marking a serious escalation in attacks on the npm ecosystem. For developers pulling dependencies into production, this underscores the ongoing risk of trusting package registries without additional verification, especially for smaller, less-monitored packages that may slip through standard security checks.