Npm supply chain attacks

Hey Charlie,

I wanted to flag the recent Shai-Hulud npm supply chain attack that affected hundreds of npm packages (after the earlier chalk/debug compromise). Since many WordPress plugin/theme build systems use npm, I thought it might be worth double-checking your dependencies and build workflows, just to make sure none of the compromised versions slipped into your releases. Now, I don’t know if you’re using npm, but I thought it best to notify you in case it’s relevant for Themeco.

3 Likes

I appreciate the page you sent me. I did hear about this, but didn’t know all that was affected. I went through it today, and we don’t use any of the packages in question. It also looks like it’s based around Node.js, and we just use npm for frontend packages like Masonry, and some things in the App. The JS on everybody’s sites is nearly all custom too. Interesting that CrowdStrike packages are on that list; they just can’t catch a break, huh. Have a great day.

Ok, all good then. Yeah, it’s a nasty one.