Tag: party dependencies
-
The Register: Socket will block it with free malicious package firewall
Source URL: https://www.theregister.com/2025/09/30/socket_will_block_it_with/ Source: The Register Title: Socket will block it with free malicious package firewall Feedly Summary: “sfw" stands for Socket Firewall, but perhaps also "safe for work." Software security biz Socket has released a free command line tool to defend developers against supply chain attacks.… AI Summary and Description: Yes Summary: The text…
-
The Register: One line of malicious npm code led to massive Postmark email heist
Source URL: https://www.theregister.com/2025/09/29/postmark_mcp_server_code_hijacked/ Source: The Register Title: One line of malicious npm code led to massive Postmark email heist Feedly Summary: MCP plus open source plus typosquatting … what could possibly go wrong? A fake npm package posing as Postmark’s MCP (Model Context Protocol) server silently stole potentially thousands of emails a day by adding…
-
The Register: Not pretty, not Windows-only: npm phishing attack laces popular packages with malware
Source URL: https://www.theregister.com/2025/07/24/not_pretty_not_windowsonly_npm/ Source: The Register Title: Not pretty, not Windows-only: npm phishing attack laces popular packages with malware Feedly Summary: The “is" package was infected with cross-platform malware after a scam targeting maintainers The popular npm package "is" was infected with cross-platform malware, around the same time that linting utility packages used with the…