Account Takeover

Debunking Security for Developers (Part 1)

A primer for developers on commonly used buzz words in security.

Published by Farrukh Jadoon (@fkj) and Umar Sikander (@us)
primo secondo
By @fkj  and  @us
 · 9 min
Read more
Code

Attack vector

See all articles

Understanding and Preventing Manifest Confusion

A primer on manifest confusion vulnerability in npm

Published by Garnet Research (@research) Garnet Research (@research)
By @research 
 · 5 min
Read more
malware

Dependency Confusion

From Confusion to Compromise: Dependency Confusion Attacks

A primer on dependency confusion attacks

Published by Garnet Research (@research) Garnet Research (@research)
By @research 
 · 4 min
Read more
Hacker

Domain takeover

All your domains are belong to us

Let's discuss one of the most underrated but effective attack vectors: using expiring domains to take over npm packages.

Published by Garnet Research (@research) Garnet Research (@research)
By @research 
 · 9 min
Read more
All your base are belong to us

Manifest Confusion

Understanding and Preventing Manifest Confusion

A primer on manifest confusion vulnerability in npm

Published by Garnet Research (@research) Garnet Research (@research)
By @research 
 · 5 min
Read more
malware
See all articles

The worst fear of a JavaScript developer

A discussion on the risks of transitive dependencies in JavaScript.

Published by Farrukh Jadoon (@fkj) and Umar Sikander (@us)
primo secondo
By @fkj  and  @us
 · 7 min
Read more
The dependency graph for @solana/web3.js

Phishing

Spam-pm: Investigating the Spam Invasion of npm

A deep dive into escalating spam problem on npm, and exploring the registry's unwanted guests.

Published by Garnet Research (@research) Garnet Research (@research)
By @research 
 · 7 min
Read more
Spam in npm

Security for Developers

Beyond Known CVEs: Understanding Supply Chain Attacks

A post explaining key differences between two cybersecurity threats: known vulerabilities and supply chain attacks.

Published by Farrukh Jadoon (@fkj) and Umar Sikander (@us)
primo secondo
By @fkj  and  @us
 · 4 min
Read more
Hacker

spam

Spam-pm: Investigating the Spam Invasion of npm

A deep dive into escalating spam problem on npm, and exploring the registry's unwanted guests.

Published by Garnet Research (@research) Garnet Research (@research)
By @research 
 · 7 min
Read more
Spam in npm

Transitive dependencies

See all articles

From Confusion to Compromise: Dependency Confusion Attacks

A primer on dependency confusion attacks

Published by Garnet Research (@research) Garnet Research (@research)
By @research 
 · 4 min
Read more
Hacker