NPM is a Joke, a Bad One at That

Apparently supply chain attacks on NPM aren’t “so last year”. In fact, the latest one affects a huge number of packages. That one is debug. In fact, I was almost affected by it just by having the stupid language server installed.

head -n 7 package.json 
{
  "name": "debug",
  "version": "4.4.1",
  "repository": {
    "type": "git",
    "url": "git://github.com/debug-js/debug.git"
  },

God, I hate Node.
