NPM Was the Breach
A technical field report on the Mini Shai-Hulud campaign, TanStack, OIDC trusted publishing, install scripts, and why package-manager convenience became ambient authority with a progress bar.
devlogsupply-chainnpmci-cdoidcjanusfield-report