Supply Chain Attack Compromises JavaScript Packages
A major supply chain attack breached the NPM account of developer qix, resulting in malicious versions of key JavaScript packages like chalk and strip-ansi. The malware, a crypto-clipper, swaps wallet addresses to hijack crypto transactions. Though efforts are underway to resolve this issue, it's crucial to audit project dependencies to ensure safety.
- Affected packages have over one billion weekly downloads.
- Immediate action required: update package dependencies to known-safe versions in package.json.
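One way to carry out that audit, as an added example that is not part of the linked report: a small Node script that walks an npm `package-lock.json`, reports every installed copy of the named packages (including nested transitive copies), and flags any version not on a known-safe allowlist. The lockfile contents and the allowlisted version strings are constructed placeholders.

```javascript
// Added example (not from the linked article): audit an npm lockfile for the
// packages named in the advisory and flag installed versions that are not on
// a known-safe allowlist. The allowlisted versions below are PLACEHOLDERS;
// substitute the versions you have verified as clean.

const WATCHLIST = {
  chalk: new Set(["0.0.0-placeholder-safe"]),
  "strip-ansi": new Set(["0.0.0-placeholder-safe"]),
};

// npm lockfileVersion 2/3 records every installed copy, including nested
// transitive copies, under "packages" keyed by its node_modules path.
// Taking the text after the last "node_modules/" also handles @scope/name.
function packageNameFromPath(lockPath) {
  const idx = lockPath.lastIndexOf("node_modules/");
  return idx === -1 ? null : lockPath.slice(idx + "node_modules/".length);
}

function auditLockfile(lockJson, watchlist = WATCHLIST) {
  const lock = JSON.parse(lockJson);
  const findings = [];
  for (const [lockPath, meta] of Object.entries(lock.packages || {})) {
    const name = packageNameFromPath(lockPath);
    if (!name || !(name in watchlist)) continue;
    findings.push({
      name,
      version: meta.version,
      path: lockPath,
      safe: watchlist[name].has(meta.version),
    });
  }
  return findings;
}

// CONSTRUCTED lockfile: a direct chalk dependency plus a nested transitive
// copy of strip-ansi pulled in by some other package.
const SAMPLE_LOCK = JSON.stringify({
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/chalk": { version: "0.0.0-placeholder-safe" },
    "node_modules/some-cli": { version: "2.0.0" },
    "node_modules/some-cli/node_modules/strip-ansi": { version: "9.9.9-constructed" },
  },
});

for (const r of auditLockfile(SAMPLE_LOCK)) {
  console.log(`${r.safe ? "OK  " : "FLAG"} ${r.name}@${r.version} (${r.path})`);
}
```

Run it against a real lockfile by reading the file into `auditLockfile` instead of `SAMPLE_LOCK`; a FLAG line means that copy must be pinned or updated before the next install.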
https://jdstaerk.substack.com/p/we-just-found-malicious-code-in-the