Multiple malicious npm packages have been detected across Red Hat Cloud Services, highlighting the vulnerability of package managers to supply-chain attacks. The issue is not unique to npm, as other package managers such as PyPI, RubyGems, and crates have also been compromised. The problem is exacerbated by the ability of npm to run arbitrary code during installation, making it potentially dangerous to even open a project in an IDE. This has led to discussions about the need for better security measures and responsible package management practices.