#npm-ecosystem

Information security
from TNW | OpenAI
6 hours ago

OpenAI says no user data was touched in the TanStack npm worm

Malicious TanStack npm packages were published via the legitimate release pipeline after a hijacked GitHub Actions runner exfiltrated an OIDC token mid-build.
Information security
from InfoWorld
7 months ago

NPM attacks and the security of software supply chains

Process improvements and sustainable funding provide far more protection for open-source software supply chains than isolated technical guardrails.