Does the "Widespread Supply Chain Compromise Impacting npm Ecosystem" affect the IGA products?

Article ID: 413754


Products

CA Identity Manager, CA Identity Portal, CA Identity Suite, CA Identity Governance

Issue/Introduction

This article concerns the "Widespread Supply Chain Compromise Impacting npm Ecosystem" incident:

Widespread Supply Chain Compromise Impacting npm Ecosystem

Is there any impact on the Identity Governance and Administration (IGA) products (Identity Manager, Identity Governance, and Identity Portal)?

Environment

Identity Manager 14.5 and v15

Identity Governance 14.5 and v15

Identity Portal 14.5 and v15

Resolution

There is no impact to any IGA products resulting from the recent “NPM Ecosystem Supply Chain” compromise.

This incident involved the compromise of certain npm packages (such as chalk, debug and ansi-styles). Versions published after 8 September 2025 may have contained malicious code introduced through a maintainer account takeover.

All our existing IGA product releases were built prior to 8 September 2025; therefore, they are not affected by this issue.

Additionally, Broadcom maintains a local npm repository for all packages used by its security products after this incident. These products do not directly download packages from the public npm registry. All npm packages are thoroughly scanned and validated before being uploaded to the local repository to ensure their integrity and security.
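A check along the same lines for your own Node.js builds, as an added example (not Broadcom's tooling): it walks a `package-lock.json` (lockfileVersion 2 or 3) and reports entries for the package names mentioned in this article, plus any entry not resolved from an internal registry. The host `npm.internal.example`, the sample lockfile and its version numbers are constructed placeholders.

```javascript
// Added example: audit a package-lock.json (lockfileVersion 2 or 3).
const WATCHLIST = new Set(["chalk", "debug", "ansi-styles"]); // names from the article
const ALLOWED_HOST = "npm.internal.example"; // hypothetical internal registry host

// "node_modules/a/node_modules/@scope/b" -> "@scope/b"
function packageName(lockPath) {
  const marker = "node_modules/";
  const i = lockPath.lastIndexOf(marker);
  return i === -1 ? lockPath : lockPath.slice(i + marker.length);
}

function auditLock(lock, allowedHost = ALLOWED_HOST) {
  const watched = [];      // watch-listed packages present, with locked version
  const offRegistry = [];  // entries not fetched from the allowed host
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === "" || entry.link) continue; // root project or workspace symlink
    const name = entry.name || packageName(path);
    if (WATCHLIST.has(name)) watched.push(`${name}@${entry.version}`);
    let host = null;
    try { host = new URL(entry.resolved).host; } catch { /* missing or non-URL */ }
    if (host !== allowedHost) offRegistry.push({ name, resolved: entry.resolved ?? null });
  }
  return { watched, offRegistry };
}

// Constructed sample lockfile fragment (versions are placeholders, not indicators).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/chalk": { version: "0.0.1", resolved: "https://npm.internal.example/chalk/-/chalk-0.0.1.tgz" },
    "node_modules/debug": { version: "0.0.2", resolved: "https://registry.npmjs.org/debug/-/debug-0.0.2.tgz" },
    "node_modules/left-pad": { version: "0.0.3", resolved: "https://npm.internal.example/left-pad/-/left-pad-0.0.3.tgz" },
    "node_modules/chalk/node_modules/ansi-styles": { version: "0.0.4", resolved: "https://npm.internal.example/ansi-styles/-/ansi-styles-0.0.4.tgz" },
  },
};

const report = auditLock(SAMPLE_LOCK);
console.log(JSON.stringify(report, null, 2));
```

Compare the reported versions of watch-listed packages against the affected versions named in the advisory you are tracking; the script only tells you which ones are present and where they were fetched from.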

Additional Information

For another Broadcom product, Symantec Directory, see this article:

Symantec Directory : Impact of NPM Ecosystem Supply Chain Compromise on Symantec Security Products