security

The Supply Chain Is the New Attack Surface - npm Worms and Slopsquatting in 2026

A self-replicating npm worm and AI-hallucinated packages are the supply-chain threats hitting JavaScript developers right now. Here's how they work and how I lock my projects down.