#+HashtagPLUS#Hashtag the Web... #Tag your World!

Import Manifesto

Menu

#Packages

85 posts

Feed·

Images only20 of 85 posts

What We Actually Did About npm Supply Chain Attacks

🖼️

0

0

What We Actually Did About npm Supply Chain Attacks

DEV Community: typescript·Yasser's studio·2 days ago

#dev #github #packages #every #fullscreen #article

In May 2026, attackers compromised 42 TanStack packages by poisoning a GitHub Actions build cache...

15s

🖼️

0

0

Why Gentoo Linux Endures: Independence, Control and a Volunteer Passion That Outlasts Trends

WebProNews·Dave Ritchie·3 days ago

#webpronews #gentoo #users #project #packages #binary

Michał Górny challenges the stereotype that Gentoo Linux exists only for performance chasing through compilation. The distribution delivers independence from corporate control, strong security practices, surprising stability in a rolling model, and…

15s

Lone attacker published 14 malicious npm packages mimicking popular OpenSearch, Elasticsearch libraries

📰

0

0

Lone attacker published 14 malicious npm packages mimicking popular OpenSearch, Elasticsearch libraries

www.theregister.com - Articles·Lone attacker published 14 malicious npm packages mimicking popular OpenSearch, Elasticsearch libraries·3 days ago

#theregister #opensearch #package #packages #microsoft #attacker

View the full article

Create a free account to read full articles inline — no redirect to the original site.

Create account Log in

I scanned 200 popular MCP server packages. Here is what I found.

🖼️

0

0

I scanned 200 popular MCP server packages. Here is what I found.

DEV Community: security·weiseer·3 days ago

#dev #weiseer #packages #fullscreen #package #article

Open-source supply-chain trust gate for MCP servers, validated on 200 packages. 3 BLOCK findings including 1 hardcoded LLM API key. 6 'official' servers abandoned. Free public API.

15s

🖼️

0

0

Malicious npm Package ua-parser-js2 Steals SSH Keys and Credentials via Typosquatting

WebProNews·Victoria Mossi·3 days ago

#webpronews #package #malicious #security #packages #parser

A malicious npm package called ua-parser-js2 impersonated the legitimate ua-parser-js library to steal sensitive files, environment variables, SSH keys, and credentials from developer machines via a post-install script.…

15s

🖼️

0

0

PHP's Supply Chain Under Siege: How Packagist Fights Back Against Account Takeovers and Stealthy Malware

WebProNews·Maya Perez·3 days ago

#webpronews #packages #composer #packagist #versions #releases

Recent attacks compromised laravel-lang packages and eight others via stolen GitHub credentials and hidden malware in package.json. Packagist's transparency log, Aikido detection, and upcoming immutable versions in Composer 2.10 mark concrete progress…

15s

I built an open-source dependency intelligence platform in TypeScript — here's how it works

🖼️

0

0

I built an open-source dependency intelligence platform in TypeScript — here's how it works

DEV Community: security·Zayd Mulani·3 days ago

#dev #depgraph #packages #risk #pnpm #maintainer

Most teams find out their dependencies are risky after something breaks. A maintainer disappears, a...

15s

On the Road | Rumaan Alam

🖼️

0

0

On the Road | Rumaan Alam

The New York Review of Books·Rumaan Alam·4 days ago

#nybooks #work #book #packages #parcels #people

Hu Anyan’s memoir about delivering packages in Beijing is disarmingly direct about the human cost of modern logistics.

15s

s1ngularity: supply chain attack in Nx packages - Vercel

📰

0

0

s1ngularity: supply chain attack in Nx packages - Vercel

Vercel News·Aaron Brown·4 days ago

#vercel #build #github #packages #installed #article

A critical vulnerability was published in Nx and some of its supporting libraries. Vercel builds are safe from this vulnerability by default.

15s

Shai-Hulud 2.0 Supply Chain Compromise - Vercel

📰

0

0

Shai-Hulud 2.0 Supply Chain Compromise - Vercel

Vercel News·Aaron Brown·4 days ago

#vercel #packages #impacted #customers #compromised #photo

Vercel updates that no Vercel-managed systems or internal build processes were impacted by the Shai-Halud 2.0 supply chain compromise

15s

Introducing skills, the open agent skills ecosystem - Vercel

📰

0

0

Introducing skills, the open agent skills ecosystem - Vercel

Vercel News·Andrew Qu·4 days ago

#vercel #skills #skill #packages #install #package

Introducing skills, a CLI for installing and managing agent “skill packages.” Add a skill package with npx skills add , with more commands planned.

15s

Improved data collection for Web Analytics and Speed Insights with resilient intake - Vercel

📰

0

0

Improved data collection for Web Analytics and Speed Insights with resilient intake - Vercel

Vercel News·Damien Simonin Feugas·4 days ago

#vercel #packages #analytics #speed #insights #photo

Web Analytics and Speed Insights now use resilient intake to improve data collection reliability for all teams.

15s

The MCP package looked clean. The installed tree did not.

🖼️

0

0

The MCP package looked clean. The installed tree did not.

DEV Community·Bindfort·17 days ago

#security #ai #mcp #supplychain #package #installed

We audited 31 MCP server packages across npm and PyPI. For each one, we ran two checks: a direct...

15s

Modular Swift Package Architecture for Large iOS Apps

🖼️

0

0

Modular Swift Package Architecture for Large iOS Apps

DEV Community·beefed.ai·17 days ago

#mobile #software #coding #development #package #swift

Learn how to design modular Swift packages for iOS, enforce clear boundaries, improve code reuse, and speed up CI for large teams.

15s

Figure Humanoid Robots Sort Packages Non-Stop in 24/7 Demo

🖼️

0

0

Figure Humanoid Robots Sort Packages Non-Stop in 24/7 Demo

TechRepublic·Kezia Jungco·17 days ago

#figure #robots #hours #packages #demo #article

Figure AI’s Helix 02 humanoid robots neared 40 hours of autonomous work and almost 50,000 packages in a livestreamed warehouse demo.

15s

No, the AI didn't compromise your npm packages. You did.

🖼️

0

0

No, the AI didn't compromise your npm packages. You did.

DEV Community·PRANTA Dutta·17 days ago

#part #argument #september #security #install #hulud

Okay, story time. Last Tuesday I'm scrolling Twitter (sorry, "X", whatever) and I see the fifth take...

15s

The TanStack Attack: How a Worm Slipped Through the npm Pipeline

🖼️

0

0

The TanStack Attack: How a Worm Slipped Through the npm Pipeline

DEV Community·jesus manrique·17 days ago

#security #devsecops #cache #packages #attack #malicious

The 'Mini Shai-Hulud' attack compromised 169 npm packages in 6 minutes via poisoned CI cache and valid SLSA signatures.

15s

OpenAI caught in TanStack npm supply chain chaos after employee devices compromised

🖼️

0

0

OpenAI caught in TanStack npm supply chain chaos after employee devices compromised

theregister·Carly Page·18 days ago

#x2f #security #openai #npm #tanstack #credentials

Attackers stole a limited amount of internal credential material after malware hidden in poisoned packages reached two staff machines

15s

npm Is on Fire: Why the Architecture Is the Product

🖼️

0

0

npm Is on Fire: Why the Architecture Is the Product

DEV Community·Vivian Voss·19 days ago

#if #npm #supplychain #packages #install #package

Wire Fire: Episode 01 The Permanent State npm (the open registry that nearly every...

15s

The Hidden Supply Chain Risk in Your `pip install`

🖼️

0

0

The Hidden Supply Chain Risk in Your `pip install`

DEV Community·Eastern Dev·19 days ago

#python #ai #supplychain #dependency #packages #surface

View the full article

Create a free account to read full articles inline — no redirect to the original site.

Create account Log in