javascript-supply-chain
Safeguard articles tagged "javascript-supply-chain" — guides, analysis, and best practices for software supply chain and application security.
4 articles
ESLint config-prettier maintainer npm account compromise
A phished maintainer account turned eslint-config-prettier and four sibling npm packages into a malicious install-time payload — here's what happened and how to check exposure.
browserslist ReDoS vulnerability (CVE-2021-23364)
A ReDoS flaw in browserslist (CVE-2021-23364) let crafted query strings stall builds across the JS ecosystem. Here's the full breakdown and fix.
CVE analysis: Magecart and e-commerce JavaScript supply c...
A Magecart supply chain attack analysis of the CVEs and exploit chains behind skimmer campaigns on Adobe Commerce and Magento, plus how to defend checkout pages.
CVE-2020-7676: XSS in vue-template-compiler
CVE-2020-7676 is an XSS flaw in vue-template-compiler (pre-2.6.12) that lets attacker-controlled templates bypass URI sanitization. Impact, fix, and remediation.