Website: https://npm-supply-chain-attack-techniques.pagey.site
This covers all techniques used in the past year to conduct various attacks on npm packages. Use it to review your project thoroughly before publishing.
Exploits covered with mitigation information:
1. Maintainer Account Takeover and Malicious Publish
2. Lifecycle Hook Execution
3. Self-Replicating npm Worms
4. CI/CD Identity Plane Attacks
5. Git-Based Dependency Smuggling
6. Remote Dynamic Dependencies
7. Phishing Infrastructure Hosted Through npm and Package CDNs
8. Credential and Secret Harvesting
9. Exfiltration and Dead-Drop Channels
10. Persistence and Anti-Forensics
11. Obfuscation and Payload Packaging
12. Package Naming and Discovery Abuse