Software packages with more than 2 billion weekly downloads hit in supply-chain attack Software packages with more than 2 billion weekly downloads hit in supply-chain attack Settembre 9, 2025 Incident hitting npm users is likely the biggest supply-chain attack ever.