From 7f8c0572310aa2994aafcf68dbcd3286a1925da9 Mon Sep 17 00:00:00 2001
From: Lars Wirzenius <liw@liw.fi>
Date: Sun, 13 Dec 2020 13:16:06 +0200
Subject: doc: add link to an attack that has happned

---
 contractor.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/contractor.md b/contractor.md
index b441865..faa1795 100644
--- a/contractor.md
+++ b/contractor.md
@@ -83,6 +83,10 @@ The conclusion here is that to build software securely, we can't
 assume all code involved in the build to be secure. We need something
 more secure. The Contractor aims to be a possible solution.
 
+## Links to attacks
+
+* [Malicious npm package opens backdoors on programmers' computers](https://www.zdnet.com/article/malicious-npm-package-opens-backdoors-on-programmers-computers/)
+
 ## Threat model
 
 This section collects a list of specific threats to consider.
-- 
cgit v1.2.1