NPM hack shows stakes of open‑source supply chainsA
A large-scale breach of the NPM software registry on 8 September 2025 underscores how a single compromised account can ripple through government and private sector IT.
NPM—the official repository for JavaScript packages at npmjs.com—is best understood as a public library of reusable code “building blocks” that developers