@socket.dev on Bluesky

JavaScript RequiredThis is a heavily interactive web application, and JavaScript is required. Simple HTML interfaces are possible, but that is not what this is. Learn more about Bluesky at bsky.social and atproto.com.

Post

Socket

socket.dev

did:plc:n6f3j47vjucu5ijwdmow7n2w

🚨 Malicious update to @ctrl/tinycolor on npm is part of an active supply chain attack hitting 40+ packages across multiple maintainers. Audit & remove affected versions. Our analysis of the malware: https://socket.dev/blog/tinycolor-supply-chain-attack-affects-40-packages #NodeJS #JavaScript

2025-09-15T23:23:19.806Z