It’s a bad time to be a JavaScript developer, after Koi Security revealed yesterday that it is tracking “the largest and most dangerous npm supply-chain compromise in history.”
The security firm said the Shai-Hulud malware campaign “has now impacted hundreds of packages across multiple maintainers,” including “popular libraries such as @ctrl/tinycolor as well as packages maintained by CrowdStrike.” (Emphasis theirs.) And the problem is probably going to get worse before it gets better, because the…