Sha1-Hulud is a worm that is propagating via packages on npm, a popular package manager for JavaScript. How does this affect bitcoin/lightning? https://securitylabs.datadoghq.com/articles/shai-hulud-2.0-npm-worm/ https://about.gitlab.com/blog/gitlab-discovers-widespread-npm-supply-chain-attack/