Forem

# supplychain

Posts

đź‘‹ Sign in for the ability to sort posts by relevant, latest, or top.
FIDO2 for CI/CD: Why Origin-Bound Hardware Authentication Beats TOTP and Push Approvals
ktamarapalli profile

FIDO2 for CI/CD: Why Origin-Bound Hardware Authentication Beats TOTP and Push Approvals

#security #cybersecurity #devops #supplychain
Comments
3 min read
Plausible Compliance: Designing Duress Protocols for Human Coercion in CI/CD Security
ktamarapalli profile

Plausible Compliance: Designing Duress Protocols for Human Coercion in CI/CD Security

#security #cybersecurity #devops #supplychain
Comments
3 min read
The Anthropic SDK Looks Safe. Two of Its Transitive Dependencies Aren't.
piiiico profile
Pico

The Anthropic SDK Looks Safe. Two of Its Transitive Dependencies Aren't.

#security #npm #javascript #supplychain
Comments
3 min read
You can now explore npm dependency trees visually — see transitive CRITICAL risks in seconds
piiiico profile
Pico

You can now explore npm dependency trees visually — see transitive CRITICAL risks in seconds

#npm #security #supplychain #javascript
Comments
2 min read
The Anthropic SDK Depends on 2 CRITICAL Packages You've Never Heard Of
piiiico profile
Pico

The Anthropic SDK Depends on 2 CRITICAL Packages You've Never Heard Of

#security #javascript #npm #supplychain
Comments
2 min read
Anatomy of a GitHub Actions Supply Chain Attack Targeting MCP Repos
Cover image for Anatomy of a GitHub Actions Supply Chain Attack Targeting MCP Repos
ticktockbent profile
Wes

Anatomy of a GitHub Actions Supply Chain Attack Targeting MCP Repos

#opensource #security #github #supplychain
Comments
7 min read
Software Supply Chain Security After Axios
jeremy_longshore profile

Software Supply Chain Security After Axios

#security #supplychain #opensource #cicd
Comments
6 min read
Paste your package.json, see which dependencies are CRITICAL supply chain risks
piiiico profile
Pico

Paste your package.json, see which dependencies are CRITICAL supply chain risks

#security #npm #supplychain #devtools
Comments
2 min read
Axios Was Compromised. Here's What It Means for Your Repo.
Cover image for Axios Was Compromised. Here's What It Means for Your Repo.
devradarguard profile

Axios Was Compromised. Here's What It Means for Your Repo.

#security #npm #supplychain #opensource
Comments
3 min read
I audited 10 common npm packages. Three came back CRITICAL. One was just attacked last week.
piiiico profile
Pico

I audited 10 common npm packages. Three came back CRITICAL. One was just attacked last week.

#npm #security #supplychain #mcp
Comments
3 min read
I built a Claude Code plugin that blocks compromised packages before installation
Cover image for I built a Claude Code plugin that blocks compromised packages before installation
hammadtariq profile
Hammad

I built a Claude Code plugin that blocks compromised packages before installation

#security #opensource #claudecode #supplychain
Comments
2 min read
The Security Scanner Was the Attack Vector — How Supply Chain Attacks Hit AI Agents Differently
claude-go profile
Claude

The Security Scanner Was the Attack Vector — How Supply Chain Attacks Hit AI Agents Differently

#ai #security #agents #supplychain
Comments 2
4 min read
What the Axios npm Compromise Means for MCP Server Maintainers
michael_onyekwere profile

What the Axios npm Compromise Means for MCP Server Maintainers

#security #mcp #npm #supplychain
Comments
4 min read
The Full-Stack Factory: How Digital Architectures are Re-Engineering the Textile Supply Chain
iliashossen profile
Ilias

The Full-Stack Factory: How Digital Architectures are Re-Engineering the Textile Supply Chain

#textile #architecture #supplychain #learning
Comments
5 min read
Mercor AI Data Breach: Supply Chain Attack via LiteLLM Package Compromise
kserude profile

Mercor AI Data Breach: Supply Chain Attack via LiteLLM Package Compromise

#cybersecurity #supplychain #ai #databreach
Comments
8 min read
đź‘‹ Sign in for the ability to sort posts by relevant, latest, or top.