Security Notice: GitLab has uncovered a widespread malicious npm supply-chain attack that potentially can destroy user data. All teams are required to audit packages. Further information can be found under the Computer Security Report for November 2025 and the original blog post in https://about.gitlab.com/blog/gitlab-discovers-widespread-npm-supply-chain-attack/
use l1id as bc_id in internal mode
