The Blueprint of a North Korean Attack on Open-Source
In the last 7 days alone, we've seen LiteLLM and axios impacted by supply chain attacks. Recently, I was chatting with Bereket Engida, the creator of the popular JS auth library Better-Auth. He observed repeated attempts by a contributor to add malicious code directly via a pull request.
This malicious code downloads multi-stage payloads hosted on a blockchain and establishes a connection to a command-and-control server, which ultimately compromises the machine. This is very similar to DPRK's "EtherHi...
Read more at casco.com