Safeguard
Topic

Software Supply Chain Security

In-depth guides and analysis on software supply chain security from the Safeguard engineering team.

175 articles

Software Supply Chain Security

npm typosquatting attacks

npm typosquatting turns a single mistyped `npm install` into a live compromise. Real incidents, attack patterns, and defenses that actually catch it.

Jul 6, 20267 min read
Software Supply Chain Security

The SolarWinds Orion supply chain attack explained

How SUNBURST hid inside a signed SolarWinds Orion update, hit 18,000 organizations, and reshaped supply chain security.

Jul 6, 20267 min read
Software Supply Chain Security

The Codecov Bash uploader breach

How a Docker image flaw let attackers tamper with Codecov's Bash Uploader for 65 days, exfiltrating CI secrets from HashiCorp, Twilio, and more.

Jul 6, 20267 min read
Software Supply Chain Security

3CX DesktopApp supply chain compromise

How North Korea-linked hackers turned a signed, trusted 3CX VoIP installer into malware — and the double supply chain attack that made it possible.

Jul 6, 20266 min read
Software Supply Chain Security

The XZ Utils backdoor CVE-2024-3094 explained

CVE-2024-3094 hid a remote-access backdoor inside xz-utils via a years-long social engineering campaign. Here's the timeline, impact, and fix.

Jul 5, 20267 min read
Software Supply Chain Security

event-stream npm package backdoor incident

How a routine maintainer handoff let attackers slip a Bitcoin-stealing backdoor into event-stream, hitting millions of npm installs for ten weeks.

Jul 5, 20267 min read
Software Supply Chain Security

ua-parser-js npm hijack incident

In 2021, a hijacked npm account pushed cryptomining and password-stealing malware into ua-parser-js for 4 hours. Here's what happened and how to catch it faster.

Jul 5, 20266 min read
Software Supply Chain Security

colors.js and faker.js protestware sabotage

In 2022, maintainer Marak Squires turned colors.js and faker.js into protestware, breaking 19,000+ npm projects and coining a new supply chain threat term.

Jul 5, 20266 min read
Software Supply Chain Security

node-ipc protestware targeting Russia/Belarus IPs

In March 2022, node-ipc's maintainer shipped code wiping files on Russian and Belarusian machines. Here's what happened, how it spread, and how to catch it next time.

Jul 4, 20266 min read
Software Supply Chain Security

The Shai-Hulud npm worm campaign

A self-replicating npm worm hit 500+ packages in September 2025 and 796 more in November — here's how Shai-Hulud actually spread, stole secrets, and what stops it.

Jul 4, 20267 min read
Software Supply Chain Security

SHA1-Hulud second-wave npm supply chain incident

Shai-Hulud's November 2025 second wave hit npm via a Bun-based worm, stealing cloud creds and re-publishing trojanized packages at scale.

Jul 4, 20267 min read
Software Supply Chain Security

Mini Shai-Hulud hits TanStack npm packages

TeamPCP's Mini Shai-Hulud worm hijacked 42 TanStack npm packages via stolen GitHub OIDC tokens, spreading to 169 packages with valid SLSA attestations.

Jul 4, 20267 min read
Software Supply Chain Security — Supply Chain Security Blog | Safeguard