I shudder to think about the consequences of not getting on top of the increase in supply chain attacks. Once events like this start to become “normalised”, we risk total loss of confidence in package ecosystems.
More in this thread
news.ycombinator.com/item?id=4820...
GitHub’s source code has been stolen, and it looks like the culprit is a poisoned VS Code extension. The rate of supply chain attacks feels like it’s increased tenfold in the last 7-8 months, perfectly coinciding with the rise of more capable AI models.