On September 8, 2025, a sophisticated supply-chain attack targeted 18 widely used NPM packages (Node Package Manager).Together, these packages account for 2.8 billion downloads per week, making this one of the largest NPM attacks ever recorded. What is a supply-chain attack? A supply-chain attack is a type of cyberattack where the attacker does not target