Week 3
NPM
Start with krebsonsecurity.com/2025/09/18-popular-code-packages-hacked-rigged-to-steal-crypto (and the original www.aikido.dev/blog/npm-debug-and-chalk-packages-compromised)
This happens all the time, particularly on NPM, but usually the packages involved are either created by malware developers or relatively marginal. Josh Junon's packages, above, are quite popular.
Shortly after the above, Aikido found another group of compromised packages: www.aikido.dev/blog/duckdb-npm-packages-compromised.
Plans for teams
Monday 9/8: Start with the GPL section in Licenses.
Wednesday: LGPL 2(d)
The LGPL has been called an instance of a "weak copyleft license"