Web Security for Frontend Devs · Part 17 — Supply-Chain Attacks via npm install
Bonus track: how a single npm install can run attacker code on your machine — lifecycle scripts, transitive deps, git prepare, bin shadowing — the signals to audit, and a full layered defense. With a live install simulator and exercises.