Heykuki News
151.
Gmail for Exfiltration: Malicious NPM Packages Target Solana Private Keys and
socket.dev
discuss
a year ago
feross
4 points
152.
Quasar Rat Disguised as an NPM Package for Detecting Vulnerabilities in Ethereum
socket.dev
discuss
2 years ago
feross
4 points
153.
The Business of Ransomware: Insights from Reddit AMA with Ransomware
socket.dev
discuss
2 years ago
feross
4 points
154.
Malicious NPM Packages Inject SSH Backdoors via Typosquatted Libraries
socket.dev
discuss
2 years ago
feross
4 points
155.
ESLint Is Now Language-Agnostic: Linting JSON, Markdown, and Beyond
socket.dev
discuss
2 years ago
feross
4 points
156.
NIST Misses 2024 Deadline to Clear NVD Backlog
socket.dev
discuss
2 years ago
feross
4 points
157.
3.7M Fake GitHub Stars: A Growing Threat Linked to Scams and Malware
socket.dev
discuss
2 years ago
feross
4 points
158.
Understanding the Risks of Trivial Packages in Modern Software Projects
socket.dev
discuss
2 years ago
feross
4 points
159.
Pnpm 9.5 Introduces Catalogs: Shareable Dependency Version Specifiers
socket.dev
discuss
2 years ago
feross
4 points
160.
OpenSSF Warns of Reputation Farming Leveraging Closed GitHub Issues and PRs
socket.dev
discuss
2 years ago
feross
4 points
161.
Python Software Foundation Announces 5-Year Sponsorship Commitment from Fastly
socket.dev
discuss
2 years ago
feross
4 points
162.
SSO
socket.dev
discuss
2 years ago
feross
4 points
163.
JSR Now in Public Beta, Aims to Shift Community Towards Using ESM Modules
socket.dev
discuss
2 years ago
feross
4 points
164.
Hackers are using package managers as vectors for deploying coinminer malware
socket.dev
discuss
2 years ago
feross
4 points
165.
When "Everything" Becomes Too Much: The NPM Package Chaos of 2024
socket.dev
discuss
2 years ago
feross
4 points
166.
“Safe NPM” – NPM wrapper to protect developers from malware
socket.dev
discuss
3 years ago
feross
4 points
167.
NPM 'bin' script confusion can override NPM/node commands
socket.dev
discuss
4 years ago
axsharma
4 points
168.
Attackers Are Hunting High-Impact Node.js Maintainers with Social Engineering
socket.dev
2 comments
3 months ago
pier25
3 points
169.
Socket secures $40M to combat next-generation software supply chain attacks
socket.dev
2 comments
2 years ago
feross
3 points
170.
AI Has Taken over Open Source
socket.dev
1 comment
a month ago
ChicknNuggt
3 points
171.
Axios Supply Chain Attack Reaches OpenAI macOS Signing Pipeline
socket.dev
1 comment
2 months ago
salkahfi
3 points
172.
Trivy Under Attack Again: Widespread GitHub Actions Tag Compromise Exposes
socket.dev
1 comment
3 months ago
tamnd
3 points
173.
Temporal API Ships in Chrome 144, Marking a Major Shift for JavaScript Date
socket.dev
1 comment
5 months ago
feross
3 points
174.
Tailwind CSS Announces 75% Layoffs as LLMs Reshape OSS Business Models
socket.dev
1 comment
5 months ago
feross
3 points
175.
NPM Revokes Classic Tokens, as OpenJS Warns Maintainers About OIDC Gaps
socket.dev
1 comment
6 months ago
feross
3 points
176.
Shai-Hulud Strikes Again, Again. (NPM Supply Chain Attack)
socket.dev
1 comment
7 months ago
pvtmert
3 points
177.
Ruby Core Team Assumes Stewardship of RubyGems and Bundler, Former Maintainers
socket.dev
1 comment
8 months ago
feross
3 points
178.
Package Maintainers Call for Improvements to GitHub's New NPM Security Plan
socket.dev
1 comment
9 months ago
feross
3 points
179.
Rv Is a New Rust-Powered Ruby Version Manager Inspired by Python's Uv
socket.dev
1 comment
10 months ago
feross
3 points
180.
Nx NPM Packages Compromised in Supply Chain Attack Weaponizing AI CLI Tools
socket.dev
1 comment
10 months ago
feross
3 points