Get 20% off Mobbin Pro to make your apps not ugly - https://mobbin.com/fireship

Yesterday, npm got rocked by a record-breaking exploit which created a domino effect across the entire JavaScript ecosystem. In today's video, we'll take a look at exactly what went down.

#coding #programming #tech #npm 

💬 Chat with Me on Discord

https://discord.gg/fireship

🔗 Resources
- https://socket.dev/blog/npm-author-qix-compromised-in-major-supply-chain-attack

🔥 Get More Content - Upgrade to PRO

Upgrade at https://fireship.io/pro
Use code YT25 for 25% off PRO access 

🎨 My Editor Settings

- Atom One Dark 
- vscode-icons
- Fira Code Font

🔖 Topics Covered
- npm exploit
- qix npm hack
- phishing
- crypto attack
- Levenshtein Distance Algorithm

Fireship is a YouTube channel created by Jeff Delaney that offers quick tutorials and explanations on web development, programming, and tech trends. Known for the “100 Seconds of Code” and “The Code Report” series, the channel breaks down complex topics in a short, engaging format, covering everything from JavaScript frameworks to emerging technologies.

Fireship

A massive supply chain attack compromised popular npm packages including Chalk, affecting over 2.5 billion weekly downloads. The attack began with a phishing email targeting maintainer Josh Junan, leading to malicious code that swapped cryptocurrency wallet addresses in web browsers. Despite the widespread impact across JavaScript ecosystems and CI/CD pipelines, attackers only stole about $50 worth of Ethereum before the community detected and neutralized the threat within 2 hours.

The largest supply-chain attack ever…

<p>Wild, shows you should trust nothing until you see the code with your own eyes or pentest it with your own eyes.</p>
