When Dependencies Turn Dangerous: Responding to the NPM Supply Chain Attack | Qualys
On September 8, 2025, attackers compromised a set of 18 widely used npm packages—including chalk, debug, ansi-styles, and strip-ansi—collectively downloaded over 2.6 billion times per week.| Qualys
