Exploring extensions of dependency confusion attacks via npm package aliasing
4y agoen
Source
SnykExploring extensions of dependency confusion attacks via npm package aliasingsnyk.ioLearn about a new extension to dependency confusion which has its premise on npm’s package aliasing capabilities.
You might also wanna read
176 malicious npm packages used dependency confusion to target internal dependencies and steal credentials
Sonatype researchers uncovered a campaign involving 176 malicious npm packages using a dependency confusion attack strategy. Attackers publi
The case for dependency cooldowns in a post-axios world
Datadog·2mo ago
Software Supply Chain Attacks: Exploiting Trust Assumptions in Modern Development
The article examines the growing threat of software supply chain attacks that exploit fundamental trust assumptions in modern development wo

September 2025 NPM supply-chain attack compromises popular JavaScript packages
In September 2025, a coordinated software supply-chain attack targeted multiple popular NPM packages in the JavaScript ecosystem. The attack
projectptixiakis.github.io·1mo ago
NPM supply chain attack compromises popular packages, posing widespread security risk
A significant supply chain attack on the NPM package ecosystem compromised several popular packages, potentially allowing malicious code to

Bun v0.5.1
bun.com·3y ago

Comments
Sign in to join the conversation.
No comments yet. Be the first.