Podcast

npm supply chain attack lessons in security and human error

SEP 12, 2025

Subscribe to the podcast

SpotifyApple PodcastsSoundcloudAmazon MusicPocket Casts

In this episode, the hosts explore the recent NPM supply chain attack, discussing how phishing, human error, and the trust placed in open-source software can impact security. They delve into the details of the attack, which involved malicious code being inserted into around 20 packages that collectively have over 2 billion weekly downloads. The conversation highlights the significance of this incident, the human element in cybersecurity, and the lessons that can be learned to strengthen defenses against such attacks. Key themes include the importance of vigilance in the face of phishing attempts, the role of human error in security breaches, and the need for better tracking of software dependencies to prevent similar incidents in the future.

Speakers

  • Sauna Sessions
  • Security
  • Software