Homebrew 6.0 released with new security mechanism, Linux sandbox and more
Homebrew was "less vulnerable 10 years ago than npm is today," project lead tells us
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Homebrew was "less vulnerable 10 years ago than npm is today," project lead tells us
Failure to match metadata with packaged files is perfect for supply chain attacks The npm Public Registry, a database of JavaScript packages, fails to compare npm package manifest data with the archive of files that data describes, creating an opportunity for the installation and execution of malicious files.…
Boffins find common code constructs that may be exploitable to achieve remote code execution Back in March, security researchers reported a critical command injection vulnerability in Parse Server, an open-source backend for Node.js environments.…
Security engineer outlines self-help strategy for keeping software supply chain safe Following the recent disclosure of a technique for hijacking certain NPM packages, security engineer Danish Tariq has proposed a defensive strategy for those looking to assess whether their web apps include dependencies tied to subvertable email domains.…