A security incident occurred due to a compromised dependency in the JavaScript ecosystem, leading to a supply chain attack on a Rust compression library and ultimately affecting approximately 4 million developers. The incident was resolved accidentally by an unrelated cryptocurrency mining worm. The report highlights the complexity of modern software dependencies and the challenges of maintaining security in such ecosystems. The incident was caused by a series of events, including a phishing attack and a vulnerability in a package registry.