Tag
package-compromise
Safeguard articles tagged "package-compromise" — guides, analysis, and best practices for software supply chain and application security.
3 articles
Incident Analysis
UAParser.js npm package compromise
A deep dive into the 2021 ua-parser-js npm compromise: how a hijacked maintainer account delivered cryptominers and credential stealers to millions.
Nov 8, 20257 min read
Incident Analysis
chalk and debug npm package compromise incident
A phished maintainer account led to a malicious npm publish of chalk, debug, and 16 related packages, exposing a crypto-clipper to billions of weekly downloads.
Nov 5, 20257 min read
Open Source Security
How Package Takeover via Maintainer Account Compromise Ac...
Attackers don't hack npm's servers — they phish or socially engineer maintainers. Here's how account takeover turns trusted packages into malware.
Jul 31, 20257 min read