You are here: johncodes.com

www.haukeluebbers.de (58.8 parsecs away)
Motivation: Since the summer of 2019 I have been looking into package dependency compromises, a subset of software supply chain attacks. Today a number of popular programming languages make heavy use of more or less centralized package repositories and come with tools that make it easy to rely on third-party packages, which often come with lots of dependencies of their own. But with each dependency the attack surface for package dependency compromises increases - and malicious actors have already used dif...

www.davidhaney.io (58.8 parsecs away)
Intro: Okay developers, time to have a serious talk. As you are probably already aware, this week React, Babel, and a bunch of other high-profile packages on NPM broke. The reason they broke is rather astounding: a simple NPM package called left-pad that was a dependency of their code. left-pad, at the time of writing this, has 11 stars on GitHub. The entire package is 11 simple lines that implement a basic left-pad string function.

snyk.io (45.5 parsecs away)
A look back at the chain of events that led to the use of the malicious npm package "flatmap-stream" and a reflection on what it means for the fragility of open source.

syntackle.com (142.8 parsecs away)
You might be familiar with functions in JavaScript. An IIFE is a special type of function which is invoked implicitly.