Package Managers


npm Tooling Bug Incorrectly Marks One-Character Packages as Security Holders

Dependency Resolution | Content type: Blog
socket.dev

shcherbak-ai/licenseal: Fast cross-ecosystem dependency license compatibility checker + Claude Code review skill

Dependency Resolution | Content type: Code
github.com, Hacker News

Shai-Hulud copycat campaign targets Python developers through PyPI typosquatting

git | Content type: Blog
about.gitlab.com

Upcoming breaking changes for npm v12 - GitHub Changelog

Dependency Resolution | Content type: Blog, Tutorial

someone actually leaked the Miasma supply chain attack toolkit source code on github

Dependency Resolution

GitHub pulls pin on npm's auto-run scripts

Dependency Resolution | Content type: News
theregister.com

A package manager for AI assets (and why the lock file is per-user)

Dependency Resolution | Content type: Blog

New IronWorm malware hits 36 packages in npm supply-chain attack

Dependency Resolution

debsecan-mcp v0.1.2 released to PyPI

Topological Sorting | Content type: Blog
copyninja.in

NASA Says Goodbye to Its Longtime Mars MAVEN Mission - Slashdot

Dependency Resolution
science.slashdot.org

Mini Shai-Hulud, Miasma, and Hades Worms Target Bioinformatics and MCP Developers via Malicious PyPI Wheels

Supply Chain | Content type: Blog
socket.dev, Hacker News

A popular OpenAI Codex tool with 29,000 weekly downloads has been quietly stealing developer tokens for a month

Dependency Resolution
thenextweb.com

Config Files That Run Code: Supply Chain Security Blindspot

Dependency Resolution
safedep.io, Hacker News

How 56 npm packages used binding.gyp to steal CI/CD secrets

Dependency Resolution | Content type: Blog
reversinglabs.com

NASA's Mars MAVEN probe is dead

Dependency Resolution
engadget.com, r/space

Glone: A CLI to back up all your GitHub repositories

Open Source Software | Content type: Code
github.com, Hacker News

Miasma NPM Supply Chain Attack: Self-Spreading Worm via Phantom Gyp

Dependency Resolution | Content type: Blog
stepsecurity.io, Hacker News

NPM-Scan v1.1.0: Four New Detectors for June 2026 Supply Chain Attacks

Dependency Resolution | Content type: Code
github.com, Hacker News

Ongoing NPM supply chain attack uses binding.gyp to spread like a worm

Dependency Resolution | Content type: Code
github.com, Hacker News

New IronWorm Malware Hits 36 Packages In npm Supply-Chain Attack

Dependency Resolution
it.slashdot.org
