AsyncAPI npm Packages With 2M Weekly Downloads Compromised via GitHub Actions
A supply chain compromise has placed AsyncAPI npm packages at the center of a developer security incident. Five trojanized releases, with roughly 2.9 million combined weekly downloads, were published after an attacker gained access to an npm publishing token. The incident creates risk for...