Security researchers have identified at least 187 npm packages compromised in an ongoing supply chain attack. The coordinated worm-style campaign dubbed ‘Shai-Hulud’ started yesterday with the compromise of the @ctrl/tinycolor npm package, and has now expanded to CrowdStrike’s npm namespace. […]
from https://www.bleepingcomputer.com/news/security/self-propagating-supply-chain-attack-hits-187-npm-packages/