Ghosts in the Machine: Tampering with the JS Supply Chain

resources.md

• https://blog.npmjs.org/post/180565383195/details-about-the-event-stream-incident
• https://snyk.io/blog/a-post-mortem-of-the-malicious-event-stream-backdoor/
• https://www.stepsecurity.io/blog/ctrl-tinycolor-and-40-npm-packages-compromised
• https://docs.npmjs.com/cli/v8/configuring-npm/package-lock-json
• https://www.endorlabs.com/learn/how-to-defend-against-npm-software-supply-chain-attacks