https://falcao.org/tags/npm/Recent content in Npm on Danilo Falcão da SilvaHugoen-usSat, 20 Jun 2026 11:30:00 -0300https://falcao.org/posts/supply-chain-attacks-developers-new-root-access/Sat, 20 Jun 2026 11:30:00 -0300https://falcao.org/posts/supply-chain-attacks-developers-new-root-access/<p>I did not start worrying about supply chain attacks because of a new CVE. I started worrying the day I noticed where the attackers were aiming. For twenty years the model was simple: the internet is hostile, the server is the prize, and you put a wall between the two. Firewalls, VPNs, bastion hosts, WAFs, hardened images, least-privilege IAM on the cloud account. We got good at defending the server.</p>