Any updates on the npm 'supply chain' hack?

Welcome • User Guide
ToS • Privacy • Canary
Donate • Bugs • License

©2026 Poal.co

1.3K

•

Any updates on the npm 'supply chain' hack? (blog.cloudflare.com)

Dropped out of the news, guess I don't know where to look. Curious since I was looking into TypeScript and it seemed npm was the preferred method.

https://docs.npmjs.com/threats-and-mitigations doesn't mention anything about it in particular

Dropped out of the news, guess I don't know where to look. Curious since I was looking into TypeScript and it seemed npm was the preferred method. https://docs.npmjs.com/threats-and-mitigations doesn't mention anything about it in particular

(post is archived)

[–] • 2 pts

I haven’t heard any updates, but I don’t think it’s a solvable issue for Node.js.

One thing we can do as developers is move to Deno and use it as our JavaScript package manager. It can install packages from NPM, and it runs server side JavaScript in a sandbox by default so the NPM package installation exploits will not work.

link

[–] • 0 pt

Take an upvote. TIL. Thanks!

parent
link