How a Compromised NPM Package Revealed GitHub Workflow Vulnerabilities | HackerNoon
In December 2023, it was discovered that an NPM package commonly used by decentralized web applications (dApps) had been compromised. The package in question, @ledgerhq/connect-kit, is maintained by Ledger, a well-known and arguably the most trusted provider of secure hardware...