As the victim of the one from last year, it wasn't particularly fun to read.

The implication that I don't know what I'm looking at, or that I don't know what security is (despite having a clean track record for about 15 years now) was a bit aggravating.

In fact, even months later, the lasting effects have been panicking over anything that is remotely suspicious. The most recent example was just a few days ago. Had just gotten on the plane to go on vacation when someone Liked the original "I've been pwned" post on Bluesky. I misread the notification as being a new message to me saying "You've been pwned" and started to panick. I'd have had no way to address it and it would have ruined the small chance per year I get to have a break.

The attack last year wasn't me misunderstanding security. It was the sum of many, many small things (my history with and perception of npm especially w.r.t. their security posture and poor outreach over the years, being stressed out overall, and being in a rush at that particular moment, and a few other personal things) coming together in a perfect storm that resulted in the attack.