A supply chain compromise moved from CI pipelines into the npm ecosystem, stealing secrets, hijacking packages, and persisting on developer systems through a novel malware design.
Executive Summary
Software supply chain attacks are no longer isolated build-time incidents. Increasingly, they are multi-stage campaigns that move across trust boundaries: from CI/CD pipelines to developer workstations, ...
