When a supply-chain flicker becomes a wildfire: a realistic “what-could-have-been” from the npm compromise
19 mins
The recent npm compromise incident was bad—but it could have been much worse. In the real event,…
19 mins
The npm compromise that shook JavaScript —what happened, who’s at risk, and how to respond without blaming maintainers
23 mins
If you write JavaScript, you felt it: a wave of alerts, frantic greps through lockfiles, and a…