About the September 2025 NPM supply chain attacks
You might have heard about the recent attacks on the open source npm ecosystem that affected many popular NPM packages in two separate instances during September 2025:
Sep 8, 2025 https://thehackernews.com/2025/09/20-popular-npm-packages-with-2-billion.html
Sep 16, 2025 https://thehackernews.com/2025/09/40-npm-packages-compromised-in-supply.html
Our apps bundle npm packages. We have found no evidence that any of our apps have bundled affected versions. After investigating these issues, we conclude that none of our applications for Atlassian Data Center or Cloud are affected by any these exploits.