
©2025 Poal.co

769

Archive: https://archive.today/74Ze7

From the post:

>Supply chain attacks have been a trendy topic in the past years. Rather than directly attacking their primary target, attackers infiltrate less secure assets, such as software dependencies, firmware, or service providers, to introduce malicious code. In turn, these components also have their own layers of dependencies, and we can start to understand why this becomes a very complex problem. Most of the coverage of such attacks focusses on typosquatting issues, where attackers register in hope of developers using these dependencies by mistake. Software registries are flooded with such malicious packages, but the risk is minimal.

(post is archived)