[singulasar]

The chalk/debug one https://www.aikido.dev/blog/npm-debug-and-chalk-packages-com... I believe socket also found it this way just a bit later.

The dev later said that Charlie notifying him probably shaved off some very important time for the remediation.

So in this case 2 different companies found it using automated tech before anyone else

[CharlieEriksen]

Hi, I'm Charlie from Aikido, as mentioned above. Yes, we detected it automatically, and I alerted Josh to the situation on BSky.

There's no reason why Microsoft/npm can't do what we're doing, or any of the other handful to dozen companies that do similar things to us, to protect the supply chain.