Hacker News
- NPM lockfiles can be a security blindspot for injecting malicious modules in PRs https://snyk.io/blog/why-npm-lockfiles-can-be-a-security-blindspot-for-injecting-malicious-modules/ 73 comments
- Why npm lockfiles can be a security blindspot for injecting malicious modules https://snyk.io/blog/why-npm-lockfiles-can-be-a-security-blindspot-for-injecting-malicious-modules/ 27 comments javascript
- Why npm lockfiles can be a security blindspot in Github PRs for injecting malicious modules https://snyk.io/blog/why-npm-lockfiles-can-be-a-security-blindspot-for-injecting-malicious-modules/ 17 comments javascript
- Why npm lockfiles can be a security blindspot for injecting malicious modules https://snyk.io/blog/why-npm-lockfiles-can-be-a-security-blindspot-for-injecting-malicious-modules/ 14 comments node
- Why npm lockfiles can be a security blindspot for injecting malicious modules https://snyk.io/blog/why-npm-lockfiles-can-be-a-security-blindspot-for-injecting-malicious-modules/ 8 comments netsec
- Why npm lockfiles can be a security blindspot in Github PRs for injecting malicious modules https://snyk.io/blog/why-npm-lockfiles-can-be-a-security-blindspot-for-injecting-malicious-modules/ 3 comments webdev
- Why npm lockfiles can be a security blindspot for injecting malicious modules https://snyk.io/blog/why-npm-lockfiles-can-be-a-security-blindspot-for-injecting-malicious-modules/ 17 comments node
Linking pages
- Alert: peacenotwar module sabotages npm developers in the node-ipc package to protest the invasion of Ukraine | Snyk https://snyk.io/blog/peacenotwar-malicious-npm-node-ipc-package-vulnerability/ 405 comments
- Release: Yarn 4.0 🪄⚗️ | Yarn https://yarnpkg.com/blog/release/4.0 161 comments
- What is a backdoor? Let's build one with Node.js | Snyk https://snyk.io/blog/what-is-a-backdoor/ 46 comments
- Understanding filesystem takeover vulnerabilities in npm JavaScript package manager | Snyk https://snyk.io/blog/understanding-filesystem-takeover-vulnerabilities-in-npm-javascript-package-manager/ 28 comments
- Ruby gem installations can expose you to lockfile injection attacks | Snyk https://snyk.io/blog/ruby-gem-installation-lockfile-injection-attacks/ 11 comments
- NPM security: preventing supply chain attacks | Snyk https://snyk.io/blog/npm-security-preventing-supply-chain-attacks/ 3 comments
- GitHub - lirantal/lockfile-lint: Lint an npm or yarn lockfile to analyze and detect security issues https://github.com/lirantal/lockfile-lint 2 comments
- GitHub - LavaMoat/LavaMoat: tools for sandboxing your dependency graph https://github.com/LavaMoat/LavaMoat 2 comments
- Yarn 4.0 ups security, ease of use and performance – but is it enough to win back users? • DEVCLASS https://devclass.com/2023/10/25/yarn-4-0-ups-security-ease-of-use-and-performance-but-is-it-enough-to-win-back-users/ 2 comments
- 3 Jedi-inspired lessons to level up your JavaScript security | Snyk https://snyk.io/blog/jedi-lessons-to-level-up-javascript-security/ 0 comments
- Getting Serious About Open Source Security | by Dan Lorenc | Medium https://medium.com/@dlorenc/getting-serious-about-open-source-security-1d15609478fa 0 comments
- When not to use package-lock.json - DEV Community 👩‍💻👨‍💻 https://dev.to/gajus/stop-using-package-lock-json-or-yarn-lock-3ddi 0 comments
- GitHub - TupleType-1/awesome-cicd-attacks: Practical resources for offensive CI/CD security research. https://github.com/TupleType-1/awesome-cicd-attacks 0 comments
- GitHub - lirantal/awesome-nodejs-security: Awesome Node.js Security resources https://github.com/lirantal/awesome-nodejs-security 0 comments