Tag
lockfile-security
Safeguard articles tagged "lockfile-security" — guides, analysis, and best practices for software supply chain and application security.
2 articles
Supply Chain Attacks
The string-width-cjs npm packages: a supply chain warm-up, not a breach
One of three empty npm packages aliasing real libraries reached 500+ dependents and 7,274 weekly downloads — with no malicious code found at all.
Jul 8, 20265 min read
Tools
Best Practices for npm Lockfile Security 2026
Your package-lock.json is a supply chain control, not build noise. Six habits — npm ci, script blocking, lockfile linting, provenance checks — that stop most npm attacks cold.
Mar 10, 20266 min read