Riding the Worm: Lessons from the NPM Supply Chain Attack

Episode 96 September 23, 2025
Riding the Worm: Lessons from the NPM Supply Chain Attack | Let's Talk ASPM #96

Podcast Hosts

Mark, Chief Product Officer, ArmorCode Inc.
Rohan Parakh, Director of Product Management, ArmorCode Inc.

Mark and Rohan break down the recent Shai-Hulud NPM supply chain attack, one of the most extensive JavaScript ecosystem compromises to date. They trace how a phishing campaign against NPM maintainers led to malicious package updates, the challenges in surfacing risks buried deep in dependency chains, and the implications for development teams shipping AI-generated code at scale. The discussion also explores how ArmorCode’s agentic AI, Anya, helps security teams detect anomalous package behavior by querying across code, pipelines, and deployments—before infected packages make it to production.