GitHub, which owns the npm registry for JavaScript packages, says it is tightening security in response to recent attacks.
A massive phishing campaign targeted GitHub users with cryptocurrency drainers, delivered via fake invitations to the Y ...
GitHub enforces FIDO 2FA and seven-day token limits after Shai-Hulud npm attack to boost supply chain security.
GitHub MCP Registry makes Model Context Protocol servers with GitHub repos discoverable from Visual Studio Code.
GitHub has unveiled a comprehensive plan to improve npm (Node Package Manager) security. The measures are a direct response to the major npm attack in mid-September, in which self-replicating malware ...
The novel malware strain is being dubbed Shai-Hulud — after the name for the giant sandworms in Frank Herbert’s Dune novel ...
In response to the recent supply chain attack in the JavaScript package manager npm, GitHub has made a few changes that will ...
The foundations said in their blog post that automated CI systems, large-scale dependency scanners, and ephemeral container ...
"Each published package becomes a new distribution vector: as soon as someone installs it, the worm executes, replicates, and pushes itself further into the ecosystem. Once a single environment is ...
The Python Software Foundation team has invalidated all PyPI tokens stolen in the GhostAction supply chain attack in early ...
Shai-Hulud is the third major supply chain attack targeting the NPM ecosystem after the s1ngularity attack and the recent ...
A new self-replicating worm dubbed Shai-Hulud has compromised over 180 npm packages, stealing credentials and spreading ...