By
on
5 min
Understanding and Preventing Manifest Confusion
A primer on manifest confusion vulnerability in npm
Read more
-
Spam-pm: Investigating the Spam Invasion of npm
A deep dive into escalating spam problem on npm, and exploring the registry's unwanted guests.
Read morePublished by Garnet Research (@research)
By- Date
- Reading time
- · 7 min
-
From Confusion to Compromise: Dependency Confusion Attacks
A primer on dependency confusion attacks
Read morePublished by Garnet Research (@research)
By- Date
- Reading time
- · 4 min
-
Beyond Known CVEs: Understanding Supply Chain Attacks
A post explaining key differences between two cybersecurity threats: known vulerabilities and supply chain attacks.
Read morePublished by Farrukh Jadoon (@fkj) and Umar Sikander (@us)
By and- Date
- Reading time
- · 4 min
-
Debunking Security for Developers (Part 1)
A primer for developers on commonly used buzz words in security.
Read morePublished by Farrukh Jadoon (@fkj) and Umar Sikander (@us)
By and- Date
- Reading time
- · 9 min
-
Super Dependence In Modern Software
A primer on transitive dependencies in open source software and how it results in super dependence.
Read morePublished by Farrukh Jadoon (@fkj) and Umar Sikander (@us)
By and- Date
- Reading time
- · 9 min
-
All your domains are belong to us
Let's discuss one of the most underrated but effective attack vectors: using expiring domains to take over npm packages.
Read morePublished by Garnet Research (@research)
By- Date
- Reading time
- · 9 min
-
The worst fear of a JavaScript developer
A discussion on the risks of transitive dependencies in JavaScript.
Read morePublished by Farrukh Jadoon (@fkj) and Umar Sikander (@us)
By and- Date
- Reading time
- · 7 min
