
What AWS Security learned from responding to recent npm supply chain threat campaigns

ID: 5524f91b-a186-5ad6-a3cf-8dfa72313606

STIX ID: report--5524f91b-a186-5ad6-a3cf-8dfa72313606

Feed Name: AWS Security Blog

Threat Score
85/100

Date Published: 2025-12-15

Date Updated: 2026-04-27

Author: Nikki Pahliney

...
...

AWS Security describes its incident response to several large-scale npm supply-chain campaigns, including the Nx compromise, the Shai-Hulud worm, and a token-farming operation that produced roughly 150,000 malicious packages. The post details how the malware harvested npm, GitHub and cloud tokens and propagated through postinstall scripts and malicious workflows; how the campaigns were detected quickly and handled in coordination with the wider community (including OpenSSF); and which defensive measures AWS recommends: continuous monitoring, layered protections, a maintained dependency inventory, and coordinated reporting.
