Tag
package-provenance
Safeguard articles tagged "package-provenance" — guides, analysis, and best practices for software supply chain and application security.
2 articles
Open Source Security
npm's shift from implicit to explicit trust: what changed...
npm quietly rebuilt its trust model in 2025 after the chalk/debug hijack and the Shai-Hulud worm. Here's what changed, why JFrog's curation model isn't enough, and how Safeguard closes the gap.
May 29, 20267 min read
Open Source Security
NuGet package signing, source mapping, and verifying pack...
A practical guide to NuGet package signing, source mapping, and provenance verification for .NET teams — with commands, config, and a troubleshooting checklist.
Jan 31, 20268 min read