Postman posted a blog entry about the event: https://blog.postman.com/engineering/shai-hulud-2-0-npm-supp...

"Our security engineering team is investigating the matter and thus far has concluded that while some public Postman NPM packages were infected, (1) Postman as an app is not compromised, and (2) our production cloud services are also not compromised."