Tag
package-manager-security
Safeguard articles tagged "package-manager-security" — guides, analysis, and best practices for software supply chain and application security.
2 articles
Supply Chain Attacks
The Six-Month PEAR go-pear.phar Installer Compromise
How a single tampered PEAR go-pear.phar installer sat undetected on pear.php.net for months, what it could do, and what the PHP ecosystem learned about supply chain trust.
Nov 19, 20257 min read
Open Source Security
How Package Manager Design Choices Influence Supply Chain...
npm, PyPI, RubyGems, Go, and Cargo each made different design bets on install scripts, namespacing, and signing — and those bets directly shape supply chain attack surface.
Aug 11, 20258 min read