← Back
Theo November 29, 2025 21m

You have no idea how how bad this really is.

Summary

The transcript discusses a recent NPM package supply chain attack involving cryptocurrency address replacement and potential malicious code insertion. The exploit primarily targeted front-end packages, with hackers strategically swapping cryptocurrency addresses to avoid detection. The incident highlights significant vulnerabilities in dependency management, with real-world implications demonstrated by near-misses like the T3 Chat project's PostHog dependency. Developers and organizations must remain vigilant about package security, carefully vetting dependencies and understanding the complex risks inherent in large, interconnected software ecosystems.

View original episode ↗