The JavaScript development community has been hit by two significant supply chain attacks targeting NPM packages in September 2025, marking some of the most severe security incidents in the ecosystem’s history. These incidents highlight the evolving sophistication of threats against open-source software dependencies and the urgent need for stronger safeguards. Attack #1: The September 8th […]