pull down to refresh
0 sats \ 1 reply \ @Bell_curve 11 Sep \ parent \ on: Trump ally Charlie Kirk reported shot at Utah college event Politics_And_Law
This is not my pick per se... Browns vs Ravens are usually close games... Browns play harder against division opponents vs non division
I am a big fan of Coinos as a beginner friendly custodial wallet
I recommend it to everyone I know
Plus they have excellent support via email and Telegram
here is the creator and founder of @coinoswallet, Adam: @adam_coinos_io
edit: sometimes liquidity is a problem on lightning because Coinos is growing in popularity
from Claude...
Based on the research I've gathered, here are the 18 specific NPM packages that were compromised in this supply chain attack:
The Compromised Packages (with weekly download numbers):
Starting at September 8th, 13:16 UTC, these 18 very popular packages were compromised:
Highest Impact Packages:
- ansi-styles - 371.41 million downloads/week
- debug - 357.6 million downloads/week
- chalk - 299.99 million downloads/week
- strip-ansi - 261.17 million downloads/week
- ansi-regex - 243.64 million downloads/week
- wrap-ansi - 197.99 million downloads/week
- color-convert - 193.5 million downloads/week
- color-name - 191.71 million downloads/week
Medium Impact Packages:
- is-arrayish - 73.8 million downloads/week
- slice-ansi - 59.8 million downloads/week
- error-ex - 47.17 million downloads/week
- color-string - 27.48 million downloads/week
- simple-swizzle - 26.26 million downloads/week
- supports-hyperlinks - 19.2 million downloads/week
- has-ansi - 12.1 million downloads/week
Lower Impact Packages:
- chalk-template - 3.9 million downloads/week
- supports-color - 287.1 million downloads/week
- backslash - 0.26 million downloads/week
What These Packages Do
These are all fundamental utility packages that handle basic functions like:
- Text coloring and formatting (chalk, ansi-styles, color-convert)
- Debugging output (debug)
- String manipulation (strip-ansi, wrap-ansi)
- Error handling (error-ex)
The Scale
These utilities underpin much of the modern web and collectively account for more than 2.6 billion weekly downloads. They're the kind of packages that get included in almost every JavaScript project without developers even realizing it.
How the Attack Happened
Hackers compromised the npm account of Josh Goldberg, a well-known open-source maintainer known as "Qix," through a phishing campaign that targeted npm maintainers with emails impersonating the platform's support team.
These aren't flashy frameworks - they're the invisible building blocks that millions of websites and applications depend on, which is exactly what made this attack so devastating.