NPM Supply Chain Vulnerability 

(CVE-NPM-Supply-Chain-Vulnerability)

In September 2025, the Node Package Manager (NPM) repository was hit by a widespread software supply chain attack, in which a malicious cyber actor compromised the sensitive credentials of NPM package maintainers and distributed malicious software through well-known, trusted packages.

SolarWinds products are not affected by the NPM supply chain attack and do not use any of the affected packages and versions.

Advisory Details

Severity: Critical

Advisory ID: CVE-NPM-Supply-Chain-Vulnerability

First Published: 09/30/2025