Developer Compromise 5

• CanisterWorm: npm Publisher Compromise Deploys Backdoor Across 29+ Packages Mar 20, 2026
• GlassWorm Loader Hits Open VSX via Developer Account Compromise Jan 31, 2026
• Shai Hulud Strikes Again (v2) Nov 24, 2025
• Popular Tinycolor npm Package Compromised in Supply Chain Attack Affecting 40+ Packages Sep 15, 2025
• npm 'is' Package Hijacked in Expanding Supply Chain Attack Jul 22, 2025