npm
The most widely used online repository for Node.js projects.
Spam-pm: Investigating the Spam Invasion of npm
A deep dive into the escalating spam problem on npm, exploring the registry's unwanted guests.
Published by Garnet Research (@research) · Reading time: 7 min
From Confusion to Compromise: Dependency Confusion Attacks
A primer on dependency confusion attacks.
Published by Garnet Research (@research) · Reading time: 4 min
Super Dependence In Modern Software
A primer on transitive dependencies in open source software and how they result in super dependence.
Published by Farrukh Jadoon (@fkj) and Umar Sikander (@us) · Reading time: 9 min
All your domains are belong to us
Let's discuss one of the most underrated but effective attack vectors: using expiring domains to take over npm packages.
Published by Garnet Research (@research) · Reading time: 10 min
The worst fear of a JavaScript developer
A discussion on the risks of transitive dependencies in JavaScript.
Published by Farrukh Jadoon (@fkj) and Umar Sikander (@us) · Reading time: 7 min