When ‘minimal impact’ isn’t reassuring: lessons from the largest npm supply chain compromise
Commentary that downplays the compromise’s impact misses the point, the co-founder of Sonatype argues.
Sep 15, 2025 By Brian Fox

The npm incident frightened everyone, but ended up being nothing to fret about
Disaster was averted after widely used open-source packages were compromised via social engineering.
Sep 10, 2025 By Matt Kapko