Tag
npm-supply-chain-security
Safeguard articles tagged "npm-supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.
2 articles
Software Supply Chain Security
Mini Shai-Hulud hits TanStack npm packages
TeamPCP's Mini Shai-Hulud worm hijacked 42 TanStack npm packages via stolen GitHub OIDC tokens, spreading to 169 packages with valid SLSA attestations.
Jul 4, 20267 min read
Software Supply Chain Security
Clinejection: prompt injection turns AI coding bot into supply chain attack
A prompt-injected GitHub issue title hijacked Cline's AI triage bot, poisoned its build cache, and pushed a malicious npm release to 4,000 developers.
Jun 30, 20267 min read