Information security
fromInfoQ
19 hours agoTanStack Details Sophisticated npm Supply Chain Attack That Compromised 42 Packages
A supply-chain attack poisoned GitHub Actions caches and workflows to publish malicious npm package versions, stealing credentials and propagating malware without npm credential compromise.