There was a time when I could ask, “Did you see the latest NPM attack?” And your answer would be either “Yes” or “No”. But now if I ask, “Did you see the latest NPM attack?” You’ll probably answer with a question of your own: “Which one?” In this post, I’m talking about the Qix incident: Prolific maintainer Qix was phished. Qix is a co-maintainer on many packages with Sindre Sorhus, the most popular maintainer on NPM (by download count). Attackers pushed malicious code...
