build-tools
Safeguard articles tagged "build-tools" — guides, analysis, and best practices for software supply chain and application security.
5 articles
Apache Ant 'Get' Task Certificate Validation Failure (CVE...
CVE-2020-1945 exposes insecure temp-file handling in Apache Ant, risking data leaks and build-tampering. Affected versions, CVSS/EPSS context, and fixes inside.
Vite Build Tool Security Considerations
Vite has become the default build tool for a generation of JavaScript frameworks. Its plugin model, dev server, and dependency pre-bundling each carry distinct security implications worth understanding.
Vite and Turbopack: Security Considerations for Next-Gen Build Tools
Vite and Turbopack represent the next generation of JavaScript build tools. Their architectures introduce new security considerations alongside their performance improvements.
Webpack vs Rollup vs esbuild: A Security Comparison
Choosing a bundler is usually about speed and features. Here is how Webpack, Rollup, and esbuild compare on the dimension that matters most for supply chain security.
The Security Implications of Package Bundlers
Bundlers transform your code and dependencies into production artifacts. The security implications of this transformation are significant and widely overlooked.