npm Supply Chain Attack - Why Our Platform Is Secure
What happened
This week, attackers compromised developer accounts on npmjs.org and published manipulated versions of well-known open-source packages. These packages are downloaded billions of times each week. The injected code was designed to capture data and redirect transactions.
Why this does not affect us
Our platform is not impacted. We only use dependencies that are reviewed and built into the product through controlled processes. Nothing is ever pulled directly from npm at runtime. Every update passes through our CI/CD pipeline and is tested before it is released.
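The kind of gate such a pipeline can enforce, as an added example that is not part of the original post or the company's own tooling: audit a package-lock.json and refuse the build unless every dependency is pinned, resolved from the expected registry and carries an integrity hash. The lockfile content and package names are constructed for the demo, and the allowed registry hostname is an assumption.

```javascript
// Added example (not from the original post): lockfile audit for a CI gate.
// Assumption: the only permitted download source is the public npm registry.
const ALLOWED_REGISTRY = 'https://registry.npmjs.org/';

// Walk the "packages" map of an npm lockfile (lockfileVersion 2/3 shape) and
// return a list of findings; an empty list means the build may proceed.
function auditLockfile(lock, allowedRegistry = ALLOWED_REGISTRY) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === '') continue; // root project entry, not a dependency
    if (entry.link) continue;  // workspace symlink, nothing is downloaded
    const name = path.replace(/^.*node_modules\//, '');
    if (!entry.version) findings.push(`${name}: no pinned version`);
    if (!entry.resolved) {
      findings.push(`${name}: no resolved URL (would be re-fetched from npm)`);
    } else if (!entry.resolved.startsWith(allowedRegistry)) {
      findings.push(`${name}: resolved outside allowed registry: ${entry.resolved}`);
    }
    if (!entry.integrity || !entry.integrity.startsWith('sha512-')) {
      findings.push(`${name}: missing or weak integrity hash`);
    }
  }
  return findings;
}

// Constructed sample lockfile: one clean entry and two that must fail the gate.
const SAMPLE_LOCK = {
  name: 'demo-app', lockfileVersion: 3, packages: {
    '': { name: 'demo-app', dependencies: { 'example-a': '1.3.0' } },
    'node_modules/example-a': {
      version: '1.3.0',
      resolved: 'https://registry.npmjs.org/example-a/-/example-a-1.3.0.tgz',
      integrity: 'sha512-PLACEHOLDERHASH', // constructed placeholder
    },
    'node_modules/example-b': {
      version: '2.0.0',
      resolved: 'https://mirror.example.invalid/example-b-2.0.0.tgz', // not allowed
      integrity: 'sha1-PLACEHOLDERHASH', // weak algorithm, constructed
    },
    'node_modules/example-c': { version: '0.1.0' }, // no resolved, no integrity
  },
};

// Stand-alone run: print the findings a CI job would fail on.
auditLockfile(SAMPLE_LOCK).forEach((f) => console.log('FAIL ' + f));
```

In a pipeline, pair this with `npm ci` so installs come only from the audited lockfile and a mismatch between lockfile and package.json aborts the job.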
Conclusion
This incident underlines the importance of supply chain security. Thanks to our architecture and processes, we can state clearly: our customers and partners are not affected by this attack.
./Robert