CrowdStrike npm Supply Chain Attack

If you thought 2025 was going to be a quiet year for supply chain security, September had other plans. Between September 14-18, the npm ecosystem experienced what security researchers are calling the most sophisticated supply chain attack to date – and yes, it even caught packages maintained by CrowdStrike in its net. Let me walk you through what happened, why it matters, and what you need to check right now.