We are currently running Pega Infinity 23 with Cosmos. What I need clarification on is: Pega product exposure: Does the Pega platform (specifically Infinity 23 with Cosmos) include or rely on any npm-sourced JavaScript packages that could make it vulnerable to this type of supply chain compromise?

Widespread Supply Chain Compromise Impacting npm Ecosystem

FloridaChris

Member since 2011

CompTech Associates

Posted: 1 day 23 hours ago

Last activity: 1 day 4 hours ago

Posted: 25 Sep 2025 11:55 EDT
Last activity: 26 Sep 2025 7:34 EDT

We are currently running Pega Infinity 23 with Cosmos. What I need clarification on is:

Pega product exposure: Does the Pega platform (specifically Infinity 23 with Cosmos) include or rely on any npm-sourced JavaScript packages that could make it vulnerable to this type of supply chain compromise?

To see attachments, please log in.

Posted: 6 hours ago

Posted: 26 Sep 2025 7:34 EDT

PhilipShannon

PEGA

replied to FloridaChris

@FloridaChris Please reach out to the Client Inquiry Team for more information relating to this type of question. Thank you.

To see attachments, please log in.