npmjs.org is arguably the world’s largest package repository. In 2022 it was estimated to serve over 43 billion downloads every week. I found no recent estimates, but the number should be much higher today. In the past several weeks, there have been 3 identified large-scale phishing-malware attacks on npmjs.org:

Playing Russian Roulette

The common…