Episode

NPM Supply Chain Attack: Lessons in Security and Human Error

Podcast
DevOps Sauna from Eficode
Published
Sep 12, 2025
Duration seconds
987
Canonical source
https://www.buzzsprout.com/2246063/episodes/17827471-npm-supply-chain-attack-lessons-in-security-and-human-error.mp3
Audio
https://www.buzzsprout.com/2246063/episodes/17827471-npm-supply-chain-attack-lessons-in-security-and-human-error.mp3

Summary

A major security incident shook the JavaScript world when malicious code was discovered in 20 widely used NPM packages, collectively downloaded over 2 billion times per week. In this episode, Pinja and Darren break down what happened, how a phishing email led to the breach, and why human error remains one of the biggest risks in cybersecurity. They explore the scope of the attack, its surprisingly small financial impact, and the broader lessons around open-source trust, depen...