Supply Chain Compromise: Compromise Software Dependencies and Development Tools

Malicious code is distributed through package registry artifacts or trusted developer tooling dependencies.