Infrastructure May 23, 2026 bearish ⇧ 87 pts across 4 threads

Supply chain attacks are accelerating across package ecosystems

Three separate security stories hit HN in the same news cycle. The Megaladon attack compromised over 5,500 GitHub repos. The Laravel Lang package was hit with an RCE backdoor across 700 versions. A researcher disclosed they had poisoned a Hugging Face dataset and it stayed live for six months with no detection. These are not the same attack vector, but they are all targeting the trust layer underneath modern software: the assumption that dependencies and datasets you pull from public repositories are clean.

The through-line connecting them is the detection problem. The Hugging Face poisoning sat there for six months. The Laravel backdoor spread across 700 package versions before anyone caught it. Megaladon hit thousands of repos. In each case, the compromise was widespread before anyone noticed, which suggests that the scanning and monitoring infrastructure the ecosystem relies on is not keeping pace with the attack surface.

There is a useful counter-signal in the HN thread about committing dependencies to version control. Some developers are advocating for removing node_modules and similar directories from .gitignore entirely, accepting the repo bloat in exchange for supply chain integrity. It is an old-school solution to a new problem.


So what?

If you are shipping software that pulls from public package registries or public ML datasets, you now have to treat those sources as potentially compromised. Concretely: audit your dependency chain, set up automated scanning, and consider locking and vendoring critical dependencies. The Hugging Face case is especially relevant for AI startups building on public datasets.
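One way to start the dependency audit described above, as an added example that is not from the original post: a check that every entry in an npm package-lock.json (lockfileVersion 2 or 3) is pinned to an expected registry host and carries a strong integrity hash. The allowed host set, the package names and the sample lockfile are constructed assumptions for illustration.

```python
import json
from urllib.parse import urlparse

ALLOWED_HOSTS = {"registry.npmjs.org"}  # assumption: only the public npm registry is expected
STRONG = ("sha512-", "sha384-", "sha256-")

def audit_lockfile(lock_text, allowed_hosts=ALLOWED_HOSTS):
    """Return sorted (package_path, problem) findings for a v2/v3 package-lock.json."""
    lock = json.loads(lock_text)
    if lock.get("lockfileVersion", 1) < 2:
        raise ValueError("expected lockfileVersion 2 or 3 (a 'packages' map)")
    findings = []
    for path, meta in lock.get("packages", {}).items():
        if path == "" or meta.get("link") or meta.get("inBundle"):
            continue  # root project, workspace links and bundled deps have no tarball of their own
        resolved, integrity = meta.get("resolved", ""), meta.get("integrity", "")
        url = urlparse(resolved)
        if not resolved:
            findings.append((path, "no resolved URL"))
        elif url.scheme != "https":  # also catches git+ssh:// and file: sources
            findings.append((path, f"non-https source: {resolved}"))
        elif url.hostname not in allowed_hosts:
            findings.append((path, f"unexpected host: {url.hostname}"))
        if not integrity:
            findings.append((path, "missing integrity hash"))
        elif not any(tok.startswith(STRONG) for tok in integrity.split()):
            findings.append((path, f"weak integrity algorithm: {integrity.split('-')[0]}"))
    return sorted(findings)

# Constructed sample lockfile; names, URLs and hash strings are placeholders.
SAMPLE_LOCK = json.dumps({"lockfileVersion": 3, "packages": {
    "": {"name": "demo-app", "version": "1.0.0"},
    "node_modules/good-pkg": {"version": "1.2.3",
        "resolved": "https://registry.npmjs.org/good-pkg/-/good-pkg-1.2.3.tgz",
        "integrity": "sha512-CONSTRUCTEDPLACEHOLDER=="},
    "node_modules/old-pkg": {"version": "0.9.0",
        "resolved": "https://registry.npmjs.org/old-pkg/-/old-pkg-0.9.0.tgz",
        "integrity": "sha1-CONSTRUCTED="},
    "node_modules/mirror-pkg": {"version": "2.0.0",
        "resolved": "https://packages.example.test/mirror-pkg-2.0.0.tgz"},
    "node_modules/local-lib": {"resolved": "packages/local-lib", "link": True},
}})

if __name__ == "__main__":
    for path, problem in audit_lockfile(SAMPLE_LOCK):
        print(f"{path}: {problem}")
```

This inspects lockfile metadata only; it does not download or re-hash any tarball, so it complements rather than replaces an install that enforces the lockfile, such as npm ci.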
