
It’s a bad time to be a JavaScript developer, after Koi Security [revealed](https://www.koi.security/blog/shai-hulud-npm-supply-chain-attack-crowdstrike-tinycolor) yesterday that it is tracking “the largest and most dangerous npm supply-chain compromise in history.”
The security firm said the Shai-Hulud malware campaign “has now impacted hundreds of packages across multiple maintainers,” including “popular libraries such as @ctrl/tinycolor as well as packages maintained by CrowdStrike.” (Emphasis theirs.) And the problem is probably going to get worse before it gets better, because the…
