
Supply chain security

Attackers compromise software supply chains by poisoning packages, hiding payloads in invisible Unicode characters, and harvesting credentials from developer environments; SSH key hygiene and code signing are among the defensive countermeasures.

3 sources · May 22, 2026

Compiled by Claude


Supply chain attacks target the packages and tools developers trust rather than the applications themselves. Two recent incidents illustrate how varied the attack surface has become.

Researchers at Aikido Security discovered 151 malicious packages across GitHub, npm, and the VS Code marketplace that hid payloads inside invisible Unicode variation-selector characters [invisible-unicode-attack]. Because these characters render as nothing, normal code review and most static analysis tooling pass over them entirely, making detection dependent on tools that specifically inspect raw byte sequences.
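As an added example (not code from this page's sources or from Aikido's tooling), the following scanner shows what inspecting the raw content for variation selectors can look like: it decodes UTF-8 bytes and reports every run of selectors with its position and length. The threshold of one selector per run as benign and the sample input are assumptions constructed for illustration.

```python
import re
import sys
import unicodedata

# Variation selectors: VS1-VS16 (U+FE00..U+FE0F) and VS17-VS256 (U+E0100..U+E01EF).
VS_RUN = re.compile("[\uFE00-\uFE0F\U000E0100-\U000E01EF]+")

# Assumption: legitimate text places a single selector after a base character
# (for example an emoji presentation selector); longer runs deserve a closer look.
MAX_BENIGN_RUN = 1


def scan_bytes(data: bytes, max_benign_run: int = MAX_BENIGN_RUN):
    """Return one finding per run of variation selectors in UTF-8 source bytes."""
    text = data.decode("utf-8", errors="replace")
    findings = []
    for lineno, line in enumerate(text.split("\n"), start=1):
        for m in VS_RUN.finditer(line):
            run = m.group()
            prev = line[m.start() - 1] if m.start() > 0 else ""
            findings.append({
                "line": lineno,
                "column": m.start() + 1,           # 1-based, in code points
                "count": len(run),                 # selectors in this run
                "utf8_bytes": len(run.encode("utf-8")),
                "follows": unicodedata.name(prev, "UNKNOWN") if prev else "LINE START",
                "suspicious": len(run) > max_benign_run,
            })
    return findings


# Constructed sample: line 1 is a benign emoji with one selector, line 2 is a
# string literal that looks empty but carries 24 arbitrary selectors.
HIDDEN = "".join(chr(0xFE00 + i % 16) for i in range(24))
SAMPLE = ("console.log('\u2764\uFE0F');\n"
          'const label = "' + HIDDEN + '";\n').encode("utf-8")

if __name__ == "__main__":
    # With file arguments, scan those files; otherwise scan the constructed sample.
    inputs = [(p, open(p, "rb").read()) for p in sys.argv[1:]] or [("<sample>", SAMPLE)]
    for name, data in inputs:
        for f in scan_bytes(data):
            flag = "SUSPICIOUS" if f["suspicious"] else "ok"
            print(f"{name}:{f['line']}:{f['column']} {f['count']} selector(s), "
                  f"{f['utf8_bytes']} bytes, after {f['follows']} [{flag}]")
```
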

A separate campaign attributed to the TeamPCP threat actor poisoned four SAP-ecosystem npm packages with a self-propagating credential-stealing payload [sap-npm-attack]. The malware harvested cloud secrets and browser passwords, exfiltrated them via GitHub, and used Claude Code and VS Code configuration files as persistence vectors, showing how AI coding tools can become unintended footholds.

On the defensive side, replacing token-based authentication with SSH key pairs and using SSH-signed commits reduces the credential attack surface that both campaigns exploited [ssh-keys]. Commit signing in particular creates a verifiable identity chain that makes unsigned or tampered commits detectable before they reach downstream consumers.
