Episode notes
Over just a few weeks, the NPM ecosystem was hit by three major security incidents: the Singularity campaign exploiting GitHub Actions for token theft, a phishing attack on a package maintainer, and Shai-Hulud, the first worm-like malware propagation in NPM. In this episode of The Permiso Podcast, our CTO, Ian Ahl, breaks down how each event unfolded, the role of stolen credentials, and what these attacks mean for developers and security teams navigating modern supply chain risks.
Keywords
NPM supply chain attack, NPM worm malware, non-human identity (NHI), Shai-Hulud attack, Permiso Podcast