https://www.infoq.com InfoQ Dependency Injection feed https://www.infoq.com/news/2025/10/npm-s1ngularity-shai-hulud/?utm_campaign=infoq_content&utm_source=infoq&utm_medium=feed&utm_term=Dependency+Injection <img src="https://res.infoq.com/news/2025/10/npm-s1ngularity-shai-hulud/en/headerimage/generatedHeaderImage-1760893318793.jpg"/><p>The Node Package Manager (npm) ecosystem has suffered from two major supply chain attacks in recent months, affecting hundreds of packages and exposing developers to credential theft and data exfiltration. The attack vector of these incidents shows an AI-enabled evolution of how open-source software dependencies can be compromised.</p> <i>By Matt Saunders</i> Dependency Injection Software Supply Chain Application Security NPM DevOps news Mon, 20 Oct 2025 10:00:00 GMT https://www.infoq.com/news/2025/10/npm-s1ngularity-shai-hulud/?utm_campaign=infoq_content&utm_source=infoq&utm_medium=feed&utm_term=Dependency+Injection Matt Saunders 2025-10-20T10:00:00Z /news/2025/10/npm-s1ngularity-shai-hulud/en