npm under siege (what to do about it) (Friends)
npm under siege (what to do about it) (Friends)  
Podcast: The Changelog: Software Development, Open Source
Published On: Fri Oct 03 2025
Description: Over the past two months, we’ve seen some of the most serious supply chain attacks in npm history: phishing campaigns, maintainer account takeovers, and malware published to packages with billions of weekly downloads. What is going on?! What can we do about it? Our old friend, Feross Aboukhadijeh, joins us to help make sense of it all.