Search: socket.dev | Heykuki News

Heykuki News

Top New Best Ask Show Jobs

Top New Best Ask Show Jobs

1.

Shai-Hulud malware attack: Tinycolor and over 40 NPM packages compromised (socket.dev)

1233 points

9 months ago

2.

Shai-Hulud Themed Malware Found in the PyTorch Lightning AI Training Library (semgrep.dev)

465 points

a month ago

3.

Show HN: Socket – Secure your JavaScript supply chain (socket.dev)

133 points

4 years ago

4.

Show HN: Resource Index – FOSS Git Repository and NPM Package Index (res-index.hkit.cc)

14 points

2 years ago

5.

Show HN: Socket web extension – free NPM supply chain protection (chrome.google.com)

10 points

3 years ago

6.

Show HN: Aidevshield NPM audit for AI coding tool workflows (github.com/aidevshield)

1 point

3 months ago

7.

Bitwarden CLI compromised in ongoing Checkmarx supply chain campaign (socket.dev)

872 points

a month ago

8.

Trivy under attack again: Widespread GitHub Actions tag compromise secrets (socket.dev)

250 points

2 months ago

9.

NPM to implement staged publishing after turbulent shift off classic tokens (socket.dev)

205 points

5 months ago

10.

The Everything NPM Package (socket.dev)

192 points

2 years ago

11.

The push to ban ransom payments is gaining momentum (socket.dev)

127 points

2 years ago

12.

Social engineering campaign targeting tech employees spreads through NPM malware (socket.dev)

114 points

3 years ago

13.

Active NPM supply chain attack: Tinycolor and 40 Packages Compromised (socket.dev)

85 points

9 months ago

14.

German Court Fines Security Researcher for Reporting Company's Vulnerabilities (socket.dev)

77 points

2 years ago

15.

OpenJS: "XZ Utils Cyberattack Likely Not an Isolated Incident" (socket.dev)

65 points

2 years ago

16.

What's Going on Inside Your Node_modules Folder? (socket.dev)

64 points

4 years ago

17.

Chinese devs are storing 1000s of eBooks on GitHub and NPM (socket.dev)

62 points

4 years ago

18.

Unverified NPM Account Takeover Vulnerability for Sale on Dark Web Forum (socket.dev)

53 points

2 years ago

19.

Prettier NPM Packages Compromised in Supply Chain Attack (socket.dev)

45 points

a year ago

20.

Namecheap Takes Down Polyfill.io Service Following Supply Chain Attack (socket.dev)

42 points

2 years ago

21.

Curl Project and Go Security Teams Reject CVSS as Broken (socket.dev)

40 points

a year ago

22.

AI Hallucinations Are Fueling a New Class of Supply Chain Attacks (socket.dev)

31 points

a year ago

23.

Gem.Coop – Community-Run Alternative to Rubygems.org, Led by Former Maintainers (socket.dev)

30 points

8 months ago

24.

Libxml2 Maintainer Ends Embargoed Vulnerability Reports, Citing Unsustainable (socket.dev)

27 points

a year ago

25.

DuckDB NPM Account Compromised in Continuing Supply Chain Attack (socket.dev)

27 points

9 months ago

26.

Automated Spam Campaign Floods GitHub/NPM with 1000s of Garbage Packages (socket.dev)

25 points

2 years ago

27.

New Rust RFC Proposes Adding Support for Trusted Publishing to Crates.io (socket.dev)

24 points

2 years ago

28.

New Proposed CISA Mandate Would Require Critical Infrastructure to Report Ransom (socket.dev)

19 points

2 years ago

29.

Go Supply Chain Attack: Malicious Package Exploits Go Module Proxy Caching For (socket.dev)

17 points

a year ago

30.

Go Supply Chain Attack: Malicious Package Exploits Go Module (socket.dev)

17 points

a year ago