GitHub is finally tightening up security around npm following multiple attacks

Following a number of recent high-profile attacks and hacking attempts, GitHub has decided to make substantial changes to the ...

GitHub tightens npm security with mandatory 2FA, access tokens

GitHub is introducing a set of defenses against supply-chain attacks on the platform that led to multiple large-scale ...

NPM package caught using QR Code to fetch cookie-stealing malware

Newly discovered npm package 'fezbox' employs QR codes to hide a second-stage payload to steal cookies from a user's web browser. The package, masquerading as a utility library, leverages this ...
InfoWorld

QR codes become the vehicle for malware in new technique

A newly-discovered malicious package with layers of obfuscation is disguised as a utility library, with malware essentially ...
Communications of the ACM

Fifty Years of Open Source Software Supply-Chain Security

An open source software supply-chain vulnerability is an exploitable weakness in trusted software caused by a third-party, ...
Security Boulevard

New Wave of Self-Replicating NPM Malware Exposes Critical Gaps in Software Supply Chain Security

The Shai-Hulud NPM worm highlights rising open-source supply chain threats. Secure builds with SBOMs, MFA, signed packages, and zero-trust defenses.

5 ways to spot software supply chain attacks and stop worms - before it's too late

A Dune-inspired worm recently hit CrowdStrike and npm, infecting hundreds of packages. Here's what happened - and how to protect your code.
IEEE

Graph Convolutional Networks for Mapping Source Code Entities to Architectural Modules

Abstract: Mapping source code entities manually to architectural modules is labor-intensive and time-consuming. Automating this process can help adopt static architecture compliance checking ...
Infosecurity Magazine

Malicious npm Code Reached 10% of Cloud Environments

Security experts have warned that a newly discovered supply chain attack targeting npm packages is still active and may ...