
The State of MCP Registries
Explore the architecture of the Model Context Protocol (MCP) and the state of its official registry. Learn how to consume server packages programmatically and discover the underlying challenges of...

Critical npm supply chain attack compromises zapier-sdk, @asyncapi, posthog, and @postman packages with self-replicating malware. Technical analysis reveals credential harvesting, GitHub Actions...

Diff-based Software Composition Analysis (SCA) scanners in pull requests are prone to blind spots. By relying only on git diff data, they miss package context, suffer from nondeterministic...

A critical pre-authenticated remote code execution vulnerability (CVE-2025-55182) was disclosed in React Server Components, affecting Next.js applications using the App Router. Learn about the...

The Shai-Hulud supply chain attack is a major incident targeting developers through malicious packages in the npm ecosystem. This post outlines the incident response steps that can be taken to...

PEP 723 introduces inline metadata for Python scripts, making tools like `uv` more convenient—but also potentially more dangerous. This post explores security pitfalls when dependencies are declared...
