Tag
maintainer-handoff
Safeguard articles tagged "maintainer-handoff" — guides, analysis, and best practices for software supply chain and application security.
2 articles
Threat Research
Lessons from event-stream: How a Free Handoff Became a Bitcoin Heist
A volunteer handed control of a hugely popular npm package to a stranger, who used it to target one Bitcoin wallet app. The event-stream incident is the case study in maintainer-handoff risk.
Jul 6, 20265 min read
Open Source Security
event-stream: The Copay Attack That Rewrote npm
The 2018 event-stream incident was npm's first high-profile maintainer-handoff attack. The details still shape how we evaluate package trust.
Nov 27, 20186 min read