Dependency & Supply Chain Security

The Dependency Risk

Your application includes hundreds of npm packages. Each one is code written by someone else that runs in your application with full privileges.

The Statistics Are Sobering

According to Sonatype's 2024 State of the Software Supply Chain Report:

- 245,000 malicious packages published to npm (2023)
- 700% increase in supply chain attacks (vs 2022)
- Average application has 200+ dependencies
- Each dependency averages 5 transitive dependencies (dependencies of dependencies)

Real-World Supply Chain Attacks

event-stream Incident (2018): A pop…