GitLab discovers widespread npm supply chain attack
Yet another week; yet another supply chain attack...
ctrl/tinycolor and 40+ NPM Packages Compromised - StepSecurity
A pretty impressive and concerning compromise of a lot of JavaScript (and by extension TypeScript) packages.