When ‘minimal impact’ isn’t reassuring: lessons from the largest npm supply chain compromise
Commentary that downplays the compromise’s impact misses the point, the co-founder of Sonatype argues.
Advertisement
Sonatype
The npm incident frightened everyone, but ended up being nothing to fret about
Disaster was averted after widely used open-source packages were compromised via social engineering.