---
DAYS SINCE LAST
MAJOR SUPPLY CHAIN ATTACK
NPM debug and chalk packages compromised
most recently on September 8, 2025
→
a for fun project by
Semgrep
Recent Major Supply Chain Attacks
Notable incidents that have impacted the software supply chain
NPM debug and chalk packages compromised
September 8, 2025
→
Malicious versions of Nx and some supporting plugins
August 26, 2025
→
tj-actions/changedfiles compromised
March 14, 2025
→
Polyfill.io takeover
February 2025
→