📦 Package Managers - matmat · Scour

Every Package You Install Can Read Your Secrets 💣ZIP Vulnerabilities

eliranturgeman.com·5d·Hacker News, r/programming·

Show HN: macOS app to ensure package managers only allow packages 1+ week old ❄️Nixpkgs

github.com·1d·Hacker News·

npm’s Defaults Are Bad ❄️Nix Flakes

nesbitt.io·2d·Hacker News·

Show HN: Home Maker: Declare Your Dev Tools in a Makefile ⚙️Build Archaeology

thottingal.in·4d·Hacker News·

Mitigating the Axios npm supply chain compromise ❄️Nix Adoption

microsoft.com·1d·

Axios NPM Package Compromised: Supply Chain Attack Delivers Cross-Platform Rat 💣ZIP Vulnerabilities

snyk.io·2d·Hacker News·

Simple Ways to Stay Safe When Installing New Software 🔒Secure Boot

forums.anandtech.com·5d·

Understanding NPM Malicious Package Detection: A Benchmark-Driven Empirical Analysis 🔗Topological Sorting

arxiv.org·2d·

Telnyx, LiteLLM and Axios: the supply chain crisis 🌳Archive Merkle Trees

martinalderson.com·2d·Hacker News·

Supply Chain Attack on Axios Pulls Malicious Dependency from npm 🔗Supply Chain

socket.dev·2d·Lobsters, Hacker News, r/programming·

Package Upgrades Feel Like Russian Roulette ❄️Nix Flakes

ziva.sh·2d·Hacker News·

Supply chain blast: Top npm package backdoored to drop dirty RAT on dev machines ❄️Nix Flakes

theregister.com·2d·Hacker News·

axios 1.14.1 and 0.30.4 on npm are compromised - dependency injection via stolen maintainer account 💣ZIP Vulnerabilities

safedep.io·2d·Hacker News, r/javascript, r/programming·

What We Learned: Axios NPM Supply Chain Compromise Emergency Briefing 🎫Kerberos Attacks

sans.org·1d·

Inside the Axios supply chain compromise 🔗Supply Chain

elastic.co·2d·

Prerelease of Ky 2.0 ✅Format Verification

github.com·4d·Hacker News, r/javascript·

Hackers compromise Axios npm package to drop cross-platform malware 🛣️BGP Hijacking

bleepingcomputer.com·2d·Hacker News·

Detecting Protracted Vulnerabilities in Open Source Projects ⚙️Build Archaeology

arxiv.org·2d·

The Hidden Blast Radius of the Axios Compromise 🧪CBOR Fuzzing

socket.dev·1d·Hacker News·

[BUG] Platform-specific optional dependencies not being included in `package-lock.json` when reinstalling with `node_modules` present · Issue #4828 🔗Topological Sorting

github.com·2d·Hacker News·

Loading more...