Do not get high(jacked) off your own supply (chain)
In the span of just a few weeks, we have observed a dizzying array of major supply chain attacks. Prominent examples include the malicious modification of Axios, a popular HTTP client library for JavaScript, as well as cascading compromises from TeamPCP, a "chaos-as-a-service" group that injected...
MAL-2026-1579 Malicious code in nf-cl-ls (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 05a649ee3bcabdbceb5c56f4056dda77174867deaa1600f8a196792cc6c1356c The package nf-cl-ls was found to contain malicious code. Source: ossf-package-analysis...
Building Resilient Software Supply Chains: Inside the Enhanced Qualys Software Composition Analysis
In today’s software-driven economy, every organization, regardless of industry, is a software company. And increasingly, every software company is an open-source company. With open-source software (OSS) components now comprising up to 80% of a modern codebase, the software supply chain has emerged as one of t...
@arachnodex/core (>=1.0.0 <=1.0.3), @arachnodex/create (>=1.0.0 <=1.0.2) +16 more potentially affected by CVE-2022-24802 via deepmerge-ts (>=1.1.7 <=3.0.1)
deepmerge-ts NPM version =1.1.7, =1.0.0, =1.0.0, =1.0.0, =0.1.3, =1.6.0, =0.2.5, =3.19.0, =1.0.16, =0.1.0, =1.0.1, =1.0.10, =4.0.0, =0.1.0, =0.5.5 and more Source cves: CVE-2022-24802 Source advisory: OSV:GHSA-R9W3-G83Q-M6HQ...