Tag
package-takeover
Safeguard articles tagged "package-takeover" — guides, analysis, and best practices for software supply chain and application security.
2 articles
Open Source Security
npm Package Takeover: The Summer 2024 Wave
Between May and June 2024 at least 36 npm packages were hijacked via expired maintainer domains and leaked tokens. We map the cluster.
Jun 20, 20245 min read
Software Supply Chain Security
Abandoned Package Takeover: When Maintainers Walk Away
Abandoned packages are ticking time bombs in the supply chain. When maintainers disappear, attackers can take over package names and push malicious updates to millions of downstream projects.
Mar 5, 20245 min read