Node Package Managers · Part 9 — Supply-Chain Attacks
How attackers get code into your node_modules: typosquatting, dependency confusion, malicious postinstall payloads, maintainer account takeover, and protestware — dissected through real npm incidents.