Items tagged with: npm
‘No Way To Prevent This,’ Says Only Package Manager Where This Regularly Happens | Kevin Patel
「 “It’s a shame, but what can you do? This is just the price of building modern web apps,” said Senior Frontend Engineer Mark Vance, echoing the sentiments of a community that completely relies on a 40-level-deep nested tree of unvetted packages maintained by pseudonymous strangers to capitalize a single string 」
kevinpatel.xyz/posts/no-way-to…
SAN FRANCISCO, CA - In the wake of a devastating supply chain attack in the npm registry that left millions of enterprise applications compromised and billions of user records exposed, developers across the JavaScript ecosystem expressed deep sorrow …
Kevin Patel
Bitwarden-cli 2026.4.0 compromised. Ugh.
Not something one likes to read in the morning. :(
socket.dev/blog/bitwarden-cli-…
#bitwarden #bitwardencli #npm #security
Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign
Bitwarden CLI 2026.4.0 was compromised in the Checkmarx supply chain campaign after attackers abused a GitHub Action in Bitwarden’s CI/CD pipeline.
Socket Research Team (Socket)
