NPM Incident Addition

_posts/2025-09-11-socratic-seminar-69.md

@@ -35,8 +35,7 @@ https://github.com/bitcoinknots/bitcoin/releases/tag/v29.1.knots20250903
 
 https://github.com/TABConf/bitcoinknobs
 
-Bitcoin Knobs is a fork of Bitcoin Knots that takes flexibility a step further. Where others decide what is "safe" or "reasonable," we believe in maximum choice. If that means your node refuses to start, your wallet vanishes into the void, or your peers pretend you don't exist, at least the decision was yours.
-ody sane would touch. Some people call that dangerous. We call it feature-complete.
+Bitcoin Knobs is a fork of Bitcoin Knots that takes flexibility a step further. Where others decide what is "safe" or "reasonable," we believe in maximum choice. If that means your node refuses to start, your wallet vanishes into the void, or your peers pretend you don't exist, at least the decision was yours. Because freedom means being able to tune every setting, even the ones nobody sane would touch. Some people call that dangerous. We call it feature-complete.
 
 ## Nunchuk releases Miniscript + E2EE group wallets
 
@@ -88,3 +87,10 @@ Utreexo BIP drafts published by @kcalvinalvinn, co-authored by @tdryja and David
 - BIP drafts: https://github.com/bitcoin/bips/pull/1923
 - Mail list post: https://groups.google.com/g/bitcoindev/c/W1lxBraKG_E
 - Utreexo is a proposed alternative to the UTXO set; more info at https://bitcoinops.org/en/topics/utreexo/
+
+## NPM Malicious Packages Incident
+
+https://x.com/P3b7_/status/1965094840959410230
+https://x.com/P3b7_/status/1965336272550899932
+
+$66 stolen in widespread supply chain attack. The developer of a dozen high-impact javascript packages was phished and these packages turned malicious. The NPM security team cleaned up quick and internet-citizen reporting was early and widespread, minimizing impact.