Tag
open-source-maintainers
Safeguard articles tagged "open-source-maintainers" — guides, analysis, and best practices for software supply chain and application security.
2 articles
Supply Chain Attacks
The faker.js and colors.js Sabotage: What Maintainer-Driven Risk Teaches About Pinning
In January 2022 a trusted maintainer bricked two npm packages with a combined 26M+ weekly downloads — from his own account, with valid credentials.
Jul 13, 20266 min read
Vulnerability Management
Zero-Day Patch Response at Scale: Can Open Source Maintai...
Zero-day patch timelines swing from 3 hours to 10 weeks across open source projects. Here's why maintainer capacity, not tooling, is the real bottleneck.
May 16, 20268 min read