
Dafuq did I just install?
During the recent Axios Supply Chain Attack I happened to observe a couple of devs checking whether they should be worried about their projects or not. I noticed one interesting thing: the level of understanding of what is really going on, what the nature of this kind of exploit is, and how to reliably protect yourself from future ones is lower than it should be. Therefore, I decided to put together a few paragraphs that should help. I am far from being a Node.js security guru, yet I believe I have learned a thing or two on my dev journey so far. If you insist on meeting a real expert, allow me to introduce you to Liran Tal and in particular his Awesome npm Security Best Practices repo, with a huge list of dos and don'ts when dealing with npm packages. For a less scholarly version, you may proceed to my article.

What happened?

This type of cyberattack occurs when hackers gain credentials that allow them to post malicious versions of existing and legitimate packages. In this case, sophisticat
Continue reading on Dev.to



