Shai-Hulud Supply Chain Attack Incident Response
The Shai-Hulud supply chain attack is a major incident targeting developers through malicious packages in the npm ecosystem. This post outlines the incident response steps that can be taken to...
Blog
Follow for the latest updates and insights on
open source security & engineering.
npm Supply Chain Attack Exposes Private Repositories, AWS Credentials and More
npm supply chain attacks continue. This time targeting @ctrl/tinycolor and multiple other packages with credential stealer malware. In this blog, we will analyze the attack and its impact on the npm...
Diff-based SCA with AI is Broken — Real Examples from Pipfile.lock, yarn.lock, and Cargo.lock
Diff-based Software Composition Analysis (SCA) scanners in pull requests are prone to blind spots. By relying only on git diff data, they miss package context, suffer from nondeterministic...
npm Supply Chain Attack: Multiple Popular Packages Hijacked (1B+ Weekly Downloads)
Complete analysis of sophisticated crypto wallet drainer found in 21 npm packages with over one billion weekly downloads. Includes detailed technical breakdown of 76KB malware payload disguised in...
Ship Code.
Not Malware.
Start free with open source tools on your machine. Scale to a unified platform for your organization.
