Threat hunters at Checkmarx on Monday raised an alarm after discovering a threat actor fully automating the creation and delivery of “hundreds of malicious packages” into the NPM ecosystem.
The Checkmarx warning comes on the heels of Snyk’s discovery of “deliberate sabotage” of NPM package managers and raises new concerns about the software supply chain threat landscape.