Send us a textA major security incident shook the JavaScript world when malicious code was discovered in 20 widely used NPM packages, collectively downloaded over 2 billion times per week. In this episode, Pinja and Darren break down what happened, how a phishing email led to the breach, and why human error remains one of the biggest risks in cybersecurity.They explore the scope of the attack, its surprisingly small financial impact, and the broader lessons around open-source trust, dependency management, and the need for SBOMs. Plus, they discuss how tools like DependencyTrack can help developers protect their software supply chains, and why transparency in mistakes—like that shown by maintainer Josh Junon—is essential to building a stronger security culture.

Ver todos los episodios