The listen.dev Blog

  • Spam-pm: Investigating the Spam Invasion of npm

    A deep dive into the escalating spam problem on npm, exploring the registry's unwanted guests.

    Tags: npm, spam, phishing, attack vector
    Published by Garnet Research (@research) · April 4, 2023 · 7 min
  • From Confusion to Compromise: Dependency Confusion Attacks

    A primer on dependency confusion attacks.

    Tags: npm, transitive dependencies, dependency confusion, attack vector
    Published by Garnet Research (@research) · January 10, 2023 · 4 min
  • Beyond Known CVEs: Understanding Supply Chain Attacks

    A post explaining the key differences between two cybersecurity threats: known vulnerabilities and supply chain attacks.

    Tags: attack vector, security for developers
    Published by Farrukh Jadoon (@fkj) and Umar Sikander (@us) · January 5, 2023 · 4 min
  • Debunking Security for Developers (Part 1)

    A primer for developers on commonly used buzzwords in security.

    Tags: attack vector, account takeover, transitive dependencies
    Published by Farrukh Jadoon (@fkj) and Umar Sikander (@us) · November 1, 2022 · 9 min
  • Super Dependence In Modern Software

    A primer on transitive dependencies in open source software and how they result in super dependence.

    [Image: the dependency graph for @solana/web3.js]

    Tags: npm, transitive dependencies
    Published by Farrukh Jadoon (@fkj) and Umar Sikander (@us) · November 1, 2022 · 9 min
  • All your domains are belong to us

    Let's discuss one of the most underrated but effective attack vectors: using expiring domains to take over npm packages.

    Tags: npm, domain takeover, attack vector
    Published by Garnet Research (@research) · October 4, 2022 · 10 min
  • The worst fear of a JavaScript developer

    A discussion of the risks of transitive dependencies in JavaScript.

    [Image: the dependency graph for @solana/web3.js]

    Tags: npm, transitive dependencies
    Published by Farrukh Jadoon (@fkj) and Umar Sikander (@us) · October 4, 2022 · 7 min
