192 | The Everything NPM Package | 2024-01-06
133 | Show HN: Socket – Secure your JavaScript supply chain | 2022-03-01
127 | The push to ban ransom payments is gaining momentum | 2024-05-22
114 | Social engineering campaign targeting tech employees spreads through NPM malware | 2023-07-25
77 | German Court Fines Security Researcher for Reporting Company's Vulnerabilities | 2024-01-23
65 | OpenJS: "XZ Utils Cyberattack Likely Not an Isolated Incident" | 2024-04-17
64 | What's Going on Inside Your Node_modules Folder? | 2022-03-02
62 | Chinese devs are storing 1000s of eBooks on GitHub and NPM | 2022-11-06
53 | Unverified NPM Account Takeover Vulnerability for Sale on Dark Web Forum | 2024-07-06
42 | Namecheap Takes Down Polyfill.io Service Following Supply Chain Attack | 2024-06-26
25 | Automated Spam Campaign Floods GitHub/NPM with 1000s of Garbage Packages | 2024-07-12
24 | New Rust RFC Proposes Adding Support for Trusted Publishing to Crates.io | 2024-09-12
19 | New Proposed CISA Mandate Would Require Critical Infrastructure to Report Ransom | 2024-03-29
14 | $4.6M Series Seed to defend open source from supply chain attacks | 2022-05-12
13 | Socket AI – Scan every NPM and PyPI package for malware with ChatGPT | 2023-03-31
13 | Express.js Spam PRs Highlight the Commoditization of Open Source Contributions | 2024-02-13
12 | Supply Chain Attacks Targeting LLM Application Developers: The Hidden Dangers Of | 2024-10-24
11 | NIST's New Password Guidelines Will Eliminate Periodic Changes and Special | 2024-09-26
11 | Threat Actor Exposes Playbook for Exploiting NPM to Build Blockchain-Powered | 2024-11-19
11 | Socket, an open source supply chain security platform | 2022-03-01
9 | Redis License Shift Splits Community: Open-Source Contributors Move to Fork | 2024-03-27
9 | Node.js Community Debate Intensifies over Potentially Unbundling NPM | 2024-02-08
8 | "Valkey" Open Source Redis Fork Backed by Linux Foundation, Amazon, Google | 2024-03-29
8 | Judicious JSON | 2024-01-04
7 | Over 20,000 backdoored NPM, PyPI, and Go packages detected by Socket | 2024-03-30
6 | CISA Announces Initiative to Fortify Security of Open Source Package Registries | 2024-03-07
5 | The Unpaid Backbone of Open Source: Solo Maintainers Face Increasing Security | 2024-09-23
5 | New Axobject-Query Maintainer Faces Backlash over Controversial Decision To | 2024-06-25
5 | Researchers Uncover NPM Registry Vulnerability to Cache Poisoning and DoS | 2024-06-15
5 | Threat Actors Are Abusing GitHub's File Upload Feature to Host Malware | 2024-04-23
5 | Rubygems.org Adds New Maintainer Role | 2024-11-13
5 | Packaging Trends in Python: Highlights from the 2023 Developer Survey | 2024-09-03
5 | Uv: Python's New High-Speed Package Manager Promises to Simplify Tooling | 2024-08-28
5 | PyPI Slashes Malware Response Time: 90% of Issues Resolved in Under 24 Hours | 2024-08-21
5 | Node.js Takes Steps Towards Removing Corepack | 2024-08-08
5 | Ua-Parser-JS Drops MIT License, Adopts AGPLv3 and Pro Dual Licensing Model | 2024-06-18
5 | Mobile, Alabama Hospital Refuses to Pay Settlement in Landmark Ransomware Death | 2024-05-30
5 | NPM Registry Swamped by Bizarre John Wick Frenzy | 2023-03-30
4 | NPM Registry Code Signing | 2023-04-19
4 | New Research Shows Teams of LLM Agents Can Autonomously Exploit Zero-Day | 2024-06-11
4 | The Alarming NVD Backlog: Over 50% of Known Exploited Vulnerabilities Await | 2024-05-24
4 | ESLint Is Now Language-Agnostic: Linting JSON, Markdown, and Beyond | 2024-10-04
4 | NIST Misses 2024 Deadline to Clear NVD Backlog | 2024-10-01
4 | 3.7M Fake GitHub Stars: A Growing Threat Linked to Scams and Malware | 2024-08-27
4 | Understanding the Risks of Trivial Packages in Modern Software Projects | 2024-08-22
4 | Pnpm 9.5 Introduces Catalogs: Shareable Dependency Version Specifiers | 2024-07-08
4 | OpenSSF Warns of Reputation Farming Leveraging Closed GitHub Issues and PRs | 2024-06-26
4 | Python Software Foundation Announces 5-Year Sponsorship Commitment from Fastly | 2024-05-17
4 | SSO | 2024-04-30
4 | JSR Now in Public Beta, Aims to Shift Community Towards Using ESM Modules | 2024-03-05
4 | Hackers are using package managers as vectors for deploying coinminer malware | 2024-01-05
4 | “Safe NPM” – NPM wrapper to protect developers from malware | 2023-03-16
4 | NPM 'bin' script confusion can override NPM/node commands | 2022-10-21
3 | Socket secures $40M to combat next-generation software supply chain attacks | 2024-10-22
3 | 2023 State of JavaScript Survey Highlights: Vite Dominates, TypeScript Adoption | 2024-06-23
3 | Malicious NPM Package Exploits WhatsApp Authentication with Remote Kill Switch | 2024-11-15
3 | NPM Malware Campaign Leverages Ethereum Smart Contracts to Evade | 2024-11-01
3 | Dutch National Police Disrupt Redline and Meta Malware Operations | 2024-10-29
3 | Ruby Support in Socket | 2024-10-21
3 | Socket Optimize – CLI to override dependencies with tested, optimized versions | 2024-10-16
3 | Typosquatting on PyPI: Malicious Package Mimics Popular 'Browser-Cookie3' | 2024-10-11
3 | White House Cybersecurity Advisor Calls for Ban on Using Insurance Claims For | 2024-10-08
3 | Cloudflare Adds Security.txt Setup Wizard | 2024-09-30
3 | Malicious "express-dompurify" NPM Package Steals Browser and Cryptocurrency | 2024-09-27
3 | Enisa 2024 Threat Landscape Report Warns of Increasing State-Sponsored Supply | 2024-09-27
3 | Highlights from the 2024 Rails Community Survey | 2024-09-25
3 | Combatting Alert Fatigue by Prioritizing Malicious Intent | 2024-09-23
3 | Understanding License Exceptions: What Developers Need to Know | 2024-09-20
3 | Developer Accuses Tencent of Copyright Violation After Python Utility's License | 2024-09-18
3 | The Socket Python SDK | 2024-09-13
3 | Python Software Foundation Expands CNA Scope to Include Pallets Projects | 2024-09-09
3 | Developers Burned by Elasticsearch's License Change Aren't Going Back, Despite | 2024-09-06
3 | Socket Protects Against Revival Hijacking Attacks on PyPI | 2024-09-06
3 | Dashboard Analytics | 2024-09-05
3 | OpenSSF: 75% of New Developers Lack Secure Software Skills Amid Rising | 2024-09-03
3 | Malicious 'Akiraa-Wb' NPM Package Exfiltrates Files to External Services Via | 2024-08-20
3 | Node.js Doubles Security Releases with Newly Automated Process, Re-Evaluates | 2024-08-17
3 | New Socket Web Extension, Take Socket with You | 2024-08-14
3 | New Default Security Policies | 2024-08-14
3 | White House Report Highlights Persistent Challenges and Urgent Needs in Open | 2024-08-13
3 | Adoption of Trusted Publishers Growing Among Open Source Package Repositories | 2024-08-06
3 | Node-IP Maintainer Restores GitHub Repo After Archiving Due to Overblown CVE | 2024-07-11
3 | DOJ Cracks Down on Federal Contractors for Failing to Meet Cybersecurity | 2024-06-19
3 | TC39 June 2024 Meeting Roundup: 8 Proposals Advanced to Next Stages | 2024-06-13
3 | Trojan Embedded in Crytic-Compilers Python Package Targets Blockchain Utility | 2024-06-05
3 | NIST Announces Major Contract to Clear NVD Backlog by September | 2024-06-04
3 | ESLint Approves RFC to Add Support for TypeScript Config Files | 2024-05-25
3 | OSI to Lead Discussions on Navigating the Challenges of Doing Business with Open | 2024-04-12
3 | Node.js TSC Confirms: No Intention to Remove NPM from Distribution | 2024-03-22
3 | NVD Halts CVE Enrichment | 2024-03-19
3 | OpenJS Launches New Collaboration to Improve Interoperability of JavaScript | 2024-02-27
3 | JSR: What We Know So Far About Deno's New JavaScript Package Registry | 2024-02-24
3 | Socket Organization Alerts: View Dependency Security Risks Across All Repos | 2023-12-21
3 | Surge in Cyberattack Activity Against Financial Services Industry | 2023-12-01
2 | Is Running Random Code from NPM Safe? | 2024-01-03
2 | The AI Advantage: Reshaping Cybersecurity in the Age of Autonomous Threats | 2024-04-25
2 | GitHub Activates Push Protection by Default After Detecting over 1M | 2024-03-04
2 | The biggest package on npm is 5.96 GB | 2024-01-10
2 | Socket now supports the Go programming language | 2023-08-02
2 | Show HN: Protect your Python app from an OSS supply chain attack | 2023-03-01
2 | GitHub Removes Malicious Pull Requests Targeting Open Source Repositories | 2024-11-13
2 | Node.js Implements Stricter Policies for Semver-Major Pull Requests Ahead Of | 2024-11-08
2 | Socket Recognized for Second Consecutive Year on Fortune Cyber 60 List | 2024-10-30
2 | Noxia: Emerging Dark Web Hosting Provider Targets Python, Node.js, Go, and Rust | 2024-10-23
2 | License Enforcement in Socket | 2024-10-17
2 | Nightmares on NPM: How 2 Malicious Packages Facilitate Data Theft and Destruction | 2024-10-10
2 | TC39 Advances 10 ECMAScript Proposals: Key Features to Watch | 2024-10-09
2 | A Large-Scale Campaign to Artificially Boost Discord Server Metrics | 2024-10-04
2 | Mitre Marks Major Milestone, Minting 400 CNAs as NVD Backlog Grows | 2024-08-14
2 | Understanding the Security Concerns of NPM Shrinkwrap | 2024-08-09
2 | Squarespace Domain Hijacks Enabled by Email Address Exploit on Migrated Accounts | 2024-07-16
2 | Cyber Extortion Demands Skyrocket in 2023 While Fewer Companies Pay Ransoms | 2024-06-13
2 | TC39 Advances Key Proposals: Deferred Import Evaluation, Error.isError(), RegExp | 2024-06-12
2 | White House to Tackle Cybersecurity Regulation Fragmentation: CISOs Spend Up To | 2024-06-06
2 | New Report Warns of LLM-Enhanced Cyber Threats: Polymorphic Malware, Customer | 2024-05-29
2 | SEC Cracks Down on Unreported Data Breaches with New 30-Day Disclosure | 2024-05-21
2 | LDAPjs Open Source Project Decommissioned After Maintainer Receives Abusive | 2024-05-17
2 | CISA Launches Vulnrichment Project as NVD Backlog Hits 10k | 2024-05-10
2 | Socket Partners with CISA to Champion 'Secure by Design' Standards | 2024-05-09
2 | Risky Biz Podcast: How Shifts in Open Source Made It a Prime Attack Vector | 2024-05-01
2 | NPM Package for ReExt React Components Library Exfiltrates Git Credentials | 2024-04-18
2 | Connect with Socket at RSA and BSidesSF 2024 | 2024-04-15
2 | Major Open Source Foundations Form Initiative Aimed at Building CRA-Compliant | 2024-04-04
2 | Software Supply Chain Compromise Now the Top Threat of the Next Half Decade | 2024-04-02
2 | How to Use Socket to Find Out If You Were Affected by the Backdoored Xz Package | 2024-03-31
2 | Enhanced Security Scanning with Improved AI Alert Defaults | 2024-03-25
2 | Alphv/BlackCat Fakes Law Enforcement Takedown to Scam Affiliates | 2024-03-06
2 | Judicious JSON – Ultimate Guide to JSON | 2024-03-01
2 | U.S. Sanctions LockBit Ransomware Affiliates, Law Enforcement Seizes Operations | 2024-02-22
2 | Malicious NPM Package Targeting Roblox Users for Data Theft | 2024-02-06
2 | $20M Series A to Secure Open Source Software | 2024-01-09
2 | Blackcat Ransomware Escalates Hostility Following FBI Release of Decryption Tool | 2023-12-21
2 | Ledger Connect-Kit Supply Chain Attack Hits Decentralized Crypto Apps | 2023-12-14
2 | The "Skeleton Squad" is targeting NPM | 2023-12-03
2 | The Socket Web Extension | 2023-08-01
2 | Limitations of CVE Security Scanners: Deep Dive into 3 Supply Chain Attacks | 2023-07-10
2 | NPM Manifest Confusion: How Socket Protects You | 2023-06-27
2 | What we learned building an NPM CLI wrapper | 2023-04-11
2 | Let's Make JavaScript RegExps Streamy | 2023-02-17
2 | Socket for GitHub 1.0 | 2022-06-15
1 | UnitedHealth Group Discloses Protected Health Information Compromised For | 2024-04-24
1 | New Tea.xyz Crypto Spam Targets Open Source Projects on GitHub | 2024-03-06
1 | 2023 Ransomware Trends: Rising Ransom Payments Drive Demand for Cyber Insurance | 2023-12-11
1 | Recent Trends in Malicious Packages Targeting Discord | 2024-05-08
1 | AI and A16Z Podcast: Combatting Modern Supply Chain Attacks with AI | 2024-05-07
1 | NIST Drafts New Security Framework to Tackle Emerging Risks of Generative AI | 2024-05-03
1 | The Dark Side of Open Source | 2024-04-19
1 | Dependency Visualization: An Interactive Way to See Dependencies At | 2024-04-11
1 | Chinchilla Squeaks Podcast: Modern Solutions for Securing Software Supply Chains | 2024-04-09
1 | NVD Remains Stalled on Enriching CVEs, Security Industry Criticizes NIST's | 2024-04-03
1 | U.S. Government Budget Proposal Seeks Major Increase to Cybersecurity Funding In | 2024-03-14
1 | Node Congress Speaker Showcase: Interview with Feross Aboukhadijeh | 2024-03-08
1 | Interview on the Daytona DotFiles Insider Blog | 2024-02-28
1 | LockBit Dubbed "Cyber Crime Unicorn" After Reports Estimate $1B+ in Stolen Funds | 2024-02-27
1 | Protect Your Projects from the Risks of Deprecated NPM Packages | 2024-02-01
1 | A Short History of Protestware | 2024-01-16
1 | 'Blank Grabber' Python Package Steals Info from Discord and Telegram | 2024-01-09
1 | Orbit Bridge Hackers Drain $81M in Crypto Assets | 2024-01-04
1 | Socket CLI v0.9.0 Now Available | 2023-12-04
1 | Socket Combats Insidious Typosquatting Supply Chain Attacks | 2023-11-30
1 | Using LLMs for Analysis and Explanation in Software Supply Chain Security | 2023-10-26
1 | Dependency Divergence GitHub Action | 2023-10-25
1 | Unveiling the Dangers of the “AnyDesk-Malcom” Malicious Python Package | 2023-08-24
1 | Cleaning up import paths in JavaScript/TS packages | 2023-08-16
1 | Go Support | 2023-08-02
1 | Socket at Black Hat and DEF Con 2023 | 2023-07-20
1 | Why Your SCA Tool Sucks | 2023-06-26
1 | Show HN: Socket Dependency Overview – Get Clarity over Your Dependencies | 2023-03-27
1 | What’s in your NPM stat counter? A love doll store–we hope not | 2022-10-24
1 | Socket – Finer-grained check runs, new config options, improved reliability | 2022-07-27
1 | Pixi/runner – simple alternative to events and signals, emphasizing performance | 2022-07-10
1 | Every NPM package, sorted alphabetically by name | 2022-06-23
4 | Malicious NPM Packages Inject SSH Backdoors via Typosquatted Libraries | 2024-11-22
4 | Stanford Study Finds 9.5% of Engineers Do Almost Nothing | 2024-11-27
3 | Risky Business Podcast: Why Open Source Software Needs Better Malware Tracking | 2024-11-20
2 | Input Validation Vulnerabilities Dominate MITRE's 2024 CWE Top List | 2024-11-22
17 | Supply Chain Attack Detected in Solana/Web3.js Library | 2024-12-03
4 | Malicious Maven Package Impersonating 'XZ for Java' Library Introduces Backdoor | 2024-12-06
2 | NPM Updates Search Experience with New Objective Sorting Options | 2024-12-05
2 | Typosquatting Cryptographic Libraries: Malicious NPM Packages Threaten Crypto | 2024-12-01
3 | Malicious NPM Package Typosquats Popular TypeScript ESLint Plugin, Exfiltrates | 2024-12-11
5 | Sonar to Acquire Tidelift, Scaling Open Source Maintainer Support | 2024-12-18
4 | Supply Chain Attack on NPM Packages Injects Cryptojacking Malware | 2024-12-19
4 | PyPI on Ultralytics Supply Chain Attack: Poor CI/CD Practices to Blame, No | 2024-12-14
4 | The Business of Ransomware: Insights from Reddit AMA with Ransomware | 2024-12-17
4 | Quasar Rat Disguised as an NPM Package for Detecting Vulnerabilities in Ethereum | 2024-12-20
2 | Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on NPM | 2024-12-12
3 | Malicious NPM Campaign Targets Ethereum Developers with Fake Hardhat Packages | 2025-01-03
4 | Gmail for Exfiltration: Malicious NPM Packages Target Solana Private Keys and | 2025-01-08
3 | Weaponizing OAST: Malicious Packages Exploit NPM, PyPI, and RubyGems | 2025-01-04
2 | Kill Switch Hidden in NPM Packages Typosquatting Chalk and Chokidar | 2025-01-13
2 | Pnpm 10.0.0 Blocks Lifecycle Scripts by Default | 2025-01-10
2 | Socket Now Supports Uv.lock Files | 2025-01-09
2 | New Python Packaging Proposal Aims to Solve Phantom Dependency Problem With | 2025-01-07
2 | The Cyber Security Council Podcast: Securing Modern Applications in A | 2025-01-06