A lot of blogs on this are AI-generated and such, as this is developing, so just linking to a bunch of resources out there:<p>Socket:<p>- Sep 15 (First post on breach): <a href="https://socket.dev/blog/tinycolor-supply-chain-attack-affects-40-packages" rel="nofollow">https://socket.dev/blog/tinycolor-supply-chain-attack-affect...</a><p>- Sep 16: <a href="https://socket.dev/blog/ongoing-supply-chain-attack-targets-crowdstrike-npm-packages" rel="nofollow">https://socket.dev/blog/ongoing-supply-chain-attack-targets-...</a><p>StepSecurity - <a href="https://www.stepsecurity.io/blog/ctrl-tinycolor-and-40-npm-packages-compromised" rel="nofollow">https://www.stepsecurity.io/blog/ctrl-tinycolor-and-40-npm-p...</a><p>Aikido - <a href="https://www.aikido.dev/blog/s1ngularity-nx-attackers-strike-again" rel="nofollow">https://www.aikido.dev/blog/s1ngularity-nx-attackers-strike-...</a><p>Ox - <a href="https://www.ox.security/blog/npm-2-0-hack-40-npm-packages-hit-in-major-supply-chain-attack/" rel="nofollow">https://www.ox.security/blog/npm-2-0-hack-40-npm-packages-hi...</a><p>Safety - <a href="https://www.getsafety.com/blog-posts/shai-hulud-npm-attack" rel="nofollow">https://www.getsafety.com/blog-posts/shai-hulud-npm-attack</a><p>Phoenix - <a href="https://phoenix.security/npm-tinycolor-compromise/" rel="nofollow">https://phoenix.security/npm-tinycolor-compromise/</a><p>Semgrep - <a href="https://semgrep.dev/blog/2025/security-advisory-npm-packages-using-secret-scanning-tools-to-steal-credentials/" rel="nofollow">https://semgrep.dev/blog/2025/security-advisory-npm-packages...</a>