https://nitter.net/BitBoxSwiss/status/1965187227795030044

npm is not the problem, but rather compromised packages that you download via npm. If you have good configuration management with fixed versions, you can quickly find out whether you are affected