We have received confirmation from all our relevant sub-processors that they have not been affected, so we are now marking this as resolved. We will continue to track activity across the npm ecosystem with our partners to ensure deployments on Skedda remain secure by default.
Skedda can confirm that there are no cases of a compromised package in use on Skedda's own software stack. Skedda is not currently directly depending on any of the affected package versions.
No action is required at this time.
We are currently in the process of confirming that the services of our relevant set of partners/sub-processors has likewise been unaffected. We will provide an update here once these investigations have completed. We will continue to track activity across the npm ecosystem with our partners to ensure deployments on Skedda remain secure by default.