Socket @SocketSecurity
Socket helps developers use open source software and stay secure. Next-gen SCA and supply chain security. socket.dev node_modules/ Joined November 2021-
Tweets1K
-
Followers4K
-
Following5K
-
Likes1K
🚀 We're excited to introduce support for Single Sign-On (SSO) for our customers, supporting 20+ identity providers. socket.dev/blog/introduci…
Tea[.]xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries. socket.dev/blog/tea-xyz-s…
Researchers claim to have created a GPT-4 agent that can autonomously exploit web vulnerabilities in real-world systems with an 87% success rate. We're not too far away from seeing fully autonomous exploits. socket.dev/blog/the-ai-ad…
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion. socket.dev/blog/unitedhea…
GitHub is susceptible to a CDN flaw that allows attackers to host malware in the file storage for any public repository. socket.dev/blog/how-threa…
Thank you to @SocketSecurity for sponsoring our Presenter Appreciation Gifts for BSidesSF 2024! bsidessf.org/sponsors #bsidessf #bsidessf2024 #infosec
There's still time to sign up for our webinar tomorrow! We're unpacking the xz-utils supply chain attack. We'll show you how this nightmare security incident unfolded and how you can secure your open source dependencies. Register for free: events.zoom.us/ev/ArQ1SnX063V…
Please join us for our next free webinar! We're unpacking the xz-utils supply chain attack on April 23rd. Learn how this nightmare security incident unfolded and how you can secure your open source dependencies from these types of attacks. Register now: events.zoom.us/ev/ArQ1SnX063V…
What does a software supply chain attack look like? Check out @feross' talk at @NodeCongress on the Dark Side of Open Source. If you enjoy digging into examples of malicious code, this is a fun video! socket.dev/blog/the-dark-…
🚨 A Socket investigation has uncovered an npm package for a React components library that exfiltrates sensitive developer information, including your operating system username, Git username, and Git email. socket.dev/blog/npm-packa… #reactjs #extjs
OpenJS is warning of social engineering takeovers targeting open source projects after receiving a credible attempt on the foundation. The ecosystem is living on borrowed time until the next incident, which may already be in progress. socket.dev/blog/openjs-xz…
"I am seriously wondering how not every dev laptop is compromised these days" There’s likely way more backdoors than we realize. It’s not like the people (or state actor) behind xz-utils did nothing else for those ~2 years. They almost certainly infiltrated other projects.
"I am seriously wondering how not every dev laptop is compromised these days" There’s likely way more backdoors than we realize. It’s not like the people (or state actor) behind xz-utils did nothing else for those ~2 years. They almost certainly infiltrated other projects.
Seeing a lot of stuff about JSON today! socket.dev/blog/judicious… still covers a lot of the nuance here and other things that people might recognize when already writing JSON. Defining which specific JSON scenarios are sanitized (and by what) might help clarify discussion today.…
Who is going to be at @RSAConference and @BSidesSF in May? We can’t wait to meet you! Join us at one of our events for good food, drinks, and chill times connecting with new people in the security industry: socket.dev/blog/connect-w…
In our most recent episode of Coffee with Developers we sat down with web security expert and Socket CEO, Feross Aboukhadijeh (@feross), to discuss the recent xz backdoor incident that rocked the open source world. Watch below 👇
This is not the official package. All official packages start with @Shopify/** and this was community created. Also another reason to not blindly install npm packages just because it's easy
This is not the official package. All official packages start with @Shopify/** and this was community created. Also another reason to not blindly install npm packages just because it's easy
I'm hosting a webinar on the xz-utils supply chain attack, and I'm going to show you how this nightmare security incident unfolded. Learn about the risks of open source supply chains and how to secure your code. Register now: events.zoom.us/ev/ArQ1SnX063V…
Matteo Collina @matteocollina
42K Followers 3K Following @platformatic Co-Founder & CTO, @nodejs TSC member, Lead maintainer @fastifyjs, Board @OpenJSF, Conference Speaker, Ph.D. Past: @nearform. Views are my own.
Feross @feross
29K Followers 2K Following ⚡️ Founder + CEO @SocketSecurity (https://t.co/7g1opA8rgG) • 🌲 Visiting lecturer @Stanford (https://t.co/yw9prxLQAM) • ❤️ Open source @WebTorrentApp + @StandardJS
Seb ⚛️ ThisWeekIn.. @sebastienlorber
41K Followers 5K Following 🔥 Join 37k devs - Stay up-to-date with React: • 📨 https://t.co/DvLGHeLY5G • @ThisWeekInReact • @docusaurus maintainer
Evan You @youyuxi
260K Followers 2K Following Husband, father of two, independent OSS dev. @vuejs, @vite_js, @rolldown_rs, and more. Connoisseur of sushi. Chinese-only alt: @yuxiyou
lil uzi perf @ken_wheeler
47K Followers 3K Following practically irresistible. violently suburban. I made a jQuery plugin, gave a few talks and made a couple beats. https://t.co/6BFTpb3nXX
Jordan Harband @ljharb
8K Followers 2K Following software engineer/nerd/teacher/will try anything once; surgeon with git rebase. @TC39 ex @Coinbase/@Airbnb/@Twitter/@MobBase. Fav punctuation ⸮, scent petrichor
Ajit Nayak @ajitnayak_dev
33 Followers 1K Following
Tegroez @tegroez10342
0 Followers 146 Following
Resulti.net by Forjed @resultisearch
46 Followers 88 Following Protect your privacy since 2022! Located in the Province of Quebec, Canada🏢 #PrivacyMatters #Security #Canada #Québec A Forjed Service
Jev Björsell @jevonearth
852 Followers 1K Following CEO @ecadlabs, Likes salty things, the back-end of computer systems. Interested in building things on/with blockchains
Tommy_The_Scientist @Tommy_Scientist
361 Followers 5K Following Artificial Intelligence||Coding||Poetry||Travel||Design||Develop||Bug-Hunt||Habit Magician.
Alexander Forbes Naka.. @PlanetSatoshi
387 Followers 2K Following Fiat mining in hydrocarbons. Tick tock, next block. 2.1e15. #Bitcoin
Pangea @pangeacyber
298 Followers 356 Following Turning the fragmented world of security into a simple set of APIs
Meflahi Abdelkader @MKader1985
39 Followers 557 Following
Raja @bhoomabrsr
15 Followers 230 Following
lion1987♦️ @lion19875
361 Followers 3K Following ⚙️web3产品体验官|PI先驱者|人称财神Jay $FAR https://t.co/slZOHBTgbq @tapioca_dao pearl club member #byebyebirdie Left to Phaver ⏳@t2wrld
Roshan Limbu @Roshanlimbu205
2 Followers 59 Following
Jose Vasquez @Jose_VR13
337 Followers 5K Following Data scientist , Audio Designer,VR Explorer,Psyconaut ,Voice Over Artist, Futurista , Remote Viewer, Creative Consultant, Cyclist , Security Researcher.
Clementina Vizuete @clementin_vizue
47 Followers 5K Following
Claire Cannistraro @ClaiCannistra
47 Followers 5K Following
rameshpallikara @rameshpallikara
84 Followers 1K Following
nirapadak net @nirapadakpal
3 Followers 16 Following Hi there 👋. I'm nirapadak A passionate Android and MERN stack developer from Bangladesh
วิไลวาส.. @Kathlee04480339
79 Followers 1K Following คุณต้องการนัดเดทกับสาวไหมคะ เพิ่ม https://t.co/tlJas1TnCg
Olivia Jepko @olivi_jep
32 Followers 5K Following
Bounty Puzzle @bountypuzzle
319 Followers 704 Following
Manjula Dube @manjula_dube
7K Followers 3K Following Technical Delivery Lead @Vanguard_Group, Codes when there's 🔥. Founder @geekabyte_info #a11y, Organiser @react_india @jsconfin @WomenCoders01 @gdgberlin
calledT @huanggengtao
35 Followers 2K Following
FoxFortyTwo 🦊 @FoxFortyTwo
1K Followers 1K Following Father, coach, writer, Web3 founder and idealist. DeFi is the future. The future is now. Be part of it!
Halley Ezernack @ezernack18859
27 Followers 5K Following
Consuelo Prondzinski @CProndzins19094
18 Followers 3K Following 🖤Consuelo . 22 . Join my free content👇🌹
machzero @0xmachzero
170 Followers 760 Following I am into tech 👨🏽💻, I like metal music 🤘🏽, and I love my daughter & wife 👧🏻👸🏻. Life is too short, so shitpost away.
Anthony Campolo (ajcw.. @ajcwebdev
2K Followers 482 Following @_everfund content @DashIncubator dao @FSJamorg host @RedwoodJS bard @JavascriptJam news @bloomtech dropout Formerly @Edgioinc, @QuickNode, and StepZen
Adel Ka @0x4D31
3K Followers 2K Following full-stack threat detection engineer at @Nianticlabs | x-google lead security engineer, d&r. views are my own, not my employer's!
Alya Sultan @AlyaSultan87734
94 Followers 5K Following
Sherri Martin @SherriMart78236
14 Followers 63 Following
Veronica Kiesel @KieselVero17731
89 Followers 5K Following
Jesse Sh @jshawl
733 Followers 876 Following Selling free software like: https://t.co/R8FEUxMo9D, https://t.co/Rx8ELqBexl, https://t.co/fe80CPsYb9, and https://t.co/IOk1jOT31q. here for the right reasons. into inclusivity. computery tweets mostly
SDxCentral News @sdxcentral
47K Followers 583 Following A trusted source of independent insight in #cloud #cybersecurity #5G #SDWAN #SASE
temporary variable @tmpvar
2K Followers 1K Following
Paras Mathur @parasmathur9
35 Followers 771 Following
Rehan Qasim @rehanqasimk
86 Followers 1K Following Front End Developer Love Philosophy, Psychology and Sociology. Liberal Arts (especially trivium)
Kaylie Balliew @BalliKayli
73 Followers 5K Following
Jérémy (Breek) @breekfr
151 Followers 702 Following Nous vivons et respirons le web depuis plus de 20 ans. Spécialistes de #Drupal, #Cypress, #SolidJS. Breek rend le web plus rapide et moins énergivore !
Ankit Boghra 💜 @AnkitBoghra
426 Followers 678 Following Senior Software Engineer at @0xPolygon Labs, Ex-DAIICT
Wes Bos @wesbos
377K Followers 2K Following Fullstack JS Dev ❯ https://t.co/6heZ7gZqg1 ❯ https://t.co/lOo3xh23G1 ❯ https://t.co/XYbxq79WBS ❯ Posts 🔥 Tips ❯ Co-hosts @SyntaxFM
Sarah Drasner @sarah_edo
284K Followers 3K Following stupid like a fox • Director of Eng- Web, iOS, Android & Multiplat Infra @google, O'Reilly Author • https://t.co/HhzYWwxqL9, https://t.co/SOjL0RPUNN she/her BLM
Kelsey Hightower @kelseyhightower
237K Followers 40 Following Minimalist DMs are now closed. Just email me: [email protected]
Matteo Collina @matteocollina
42K Followers 3K Following @platformatic Co-Founder & CTO, @nodejs TSC member, Lead maintainer @fastifyjs, Board @OpenJSF, Conference Speaker, Ph.D. Past: @nearform. Views are my own.
Jake Archibald @jaffathecake
105K Followers 2K Following Engineer at @Shopify. No thought goes unpublished. 'IMO' implicit. He/him. Also jaffathecake on Mastodon, bsky, Threads etc.
Feross @feross
29K Followers 2K Following ⚡️ Founder + CEO @SocketSecurity (https://t.co/7g1opA8rgG) • 🌲 Visiting lecturer @Stanford (https://t.co/yw9prxLQAM) • ❤️ Open source @WebTorrentApp + @StandardJS
Josh W. Comeau @JoshWComeau
127K Followers 2K Following Indie hacker and educator. Blogging at https://t.co/kbdJDUdLg5. Previously @gatsbyjs, @digitalocean, @concordia_btcmp, @khanacademy. He/Him 🌈
Rich Harris @Rich_Harris
93K Followers 2K Following Cheese fan. I work on @sveltejs at @vercel. When the asteroid finally obliterates this place you can find me at @[email protected]. Until then, 🍿
Dan Lorenc @lorenc_dan
9K Followers 2K Following OSS Supply Chain Security. Founder/CEO/Primary Ariba Admin at https://t.co/sGmuUU9JbG Sigstore: https://t.co/dWKlyYu6kv
Jason Miller 🦊⚛ @_developit
60K Followers 2K Following Platform DX @Shopify. Created @preactjs. Do more with less. https://t.co/z1d6J24DlE @[email protected]
Suhail @Suhail
295K Followers 464 Following Founder: @playground_ai, @mixpanel Pizzatarian, programmer, music maker
Addy Osmani @addyosmani
343K Followers 2K Following Engineering leader, @GoogleChrome • Author • Great user & developer experiences • @ChromiumDev @ChromeDevTools • @____lighthouse • @ChromeUXReport
Sindre Sorhus @sindresorhus
62K Followers 528 Following Full-time open-sourcerer and maker of apps. Swift & Node.js. Made @awesome__re. Also: @sindre_gh_repos @[email protected]
Liran Tal @liran_tal
12K Followers 995 Following 🦄 Node.js Secure Coding: https://t.co/tK9HV9apFk 🌟 Awarded @GitHub Star 🏅 Awarded @OpenJS Pathfinder award for Security 🥑 DevRel @snyksec
Devon Govett @devongovett
34K Followers 1K Following Creator of @parceljs. Engineer @adobe working on React Aria and React Spectrum.
swyx @swyx
91K Followers 3K Following Anti-ego ideas for anti-ergodic life. Founder, @smolmodels ▹ Listen: @latentspacepod ▹ Read: @coding_career ▹ Join: @aiDotengineer
ahmetb @ahmetb
41K Followers 165 Following ᯅ software engineer, compute infrastructure and fleet orchestration @LinkedIn. distsys enthusiast. ex-(@twitter, @googlecloud,@azure) https://t.co/9wQqtxMH5n
CB @ammkrn
44 Followers 74 Following
Madelyn Olson @reconditerose
1K Followers 71 Following Engineer at AWS and maintainer at https://t.co/IiRd7lvX15, also find me at @[email protected].
Luca Casonato 🏳️.. @lcasdev
5K Followers 338 Following Software person. Building @jsr_io and @deno_land. Creator of Fresh. @tc39 delegate. he/him 🏳️🌈🌍🌻💚
PatrickJS @PatrickJS__
13K Followers 4K Following @QwikDev core team. Previous: @TipeIO (@ycombinator W18) @AngularClass @Keychain (YC S12) @HackReactor 04, @Launch 2014 Hackathon, made @Angular Universal (ssr)
JSR @jsr_io
715 Followers 6 Following The JavaScript Registry (JSR) is a module registry for TypeScript and ESM. Works with Node, Deno, browsers, and more. Free and open source.
Michael Dawson @mhdawson1
3K Followers 457 Following Node.js lead for Red Hat and IBM. #nodejs collaborator and TSC member. Enjoys exploring tech and building apps to make daily life more fun! (tweets my own).
Python Software Found.. @ThePSF
651K Followers 132 Following The nonprofit organization behind the Python programming language. For help with Python code, see https://t.co/XDHPttz2Xv On Mastodon: @[email protected]
Bun @bunjavascript
41K Followers 1 Following Bun is a fast, all-in-one toolkit for installing, bundling, running and testing JavaScript & TypeScript. To install: `npm i -g bun`
Steffen Foley @Steffen_Aspiron
5 Followers 22 Following Hunting the best talent for Cybersecurity vendors across the US || Host, CyberBytes: The Podcast🎙️
Ryan Naraine @ryanaraine
28K Followers 875 Following I write about hackers and the business of cybersecurity. Podcast + newsletter: https://t.co/ZGEyqy2h7g. Columns: @securityweek. Conference: @labscon_io
Tines @tines_hq
2K Followers 703 Following Smart, secure workflows for your whole team. Get started with our free, fully-loaded Community Edition - https://t.co/qmewAtzVuo
Truffle Security @trufflesec
3K Followers 1 Following The TruffleHog company We find credentials, with open source https://t.co/7CnEqo1inq https://t.co/8vZxthRRXX
Andrew Lisowski @HipsterSmoothie
2K Followers 2K Following Senior Software Engineeer @DescriptApp | Co-Host of @DevtoolsFM
Justin Bennett @Zephraph
2K Followers 2K Following Open-source enthusiast; maker. Co-founder of @membraneio. Co-host of @DevtoolsFM. @recursecenter Alum. Prev at @oxidecomputer, @ArtsyOpenSource.
devtools.fm @DevtoolsFM
3K Followers 269 Following A podcast about developer tools. Hosted by @hipstersmoothie and @zephraph. Become a https://t.co/INWPWJOwBL, come talk https://t.co/JFbwQSnPIQ
Renovate Bot @renovatebot
968 Followers 60 Following Open Source Automated Dependency Updates. 14k+ ⭐ - GitHub 👉 https://t.co/kOQ2ANni5q Part of @mend_io.
npm malware @npm_malware
1K Followers 10 Following 📣 We tweet malicious packages detected on npm in real-time. 🚨 Not affiliated with @npmjs or @github. 🛡 Powered by the @SocketSecurity threat feed. ✨
Cybersecurity and Inf.. @CISAgov
279K Followers 109 Following America's Cyber Defense Agency and National Coordinator for critical infrastructure security & resilience. Likes, RTs, follows ≠ endorsements.
Dennis @DennisF
6K Followers 1K Following ΣΧ, co-founder of @DecipherSec. New novel BE GONE available NOW: https://t.co/bVFJcL9PdF. Golf dork. Friend of hackers. @duosec forever. @rsnake knower.
Decipher @DecipherSec
4K Followers 419 Following Security without fear. Decipher delivers journalism on information security and privacy that informs, educates and inspires. Editors: @DennisF & @lindseyOD123.
Syntax @syntaxfm
42K Followers 271 Following A Tasty Treats Podcast for Web Developers from @wesbos and @stolinski Brought to you by @getsentry
Philipp Burckhardt @burckhap
2K Followers 2K Following ⚡Data science & AI at @SocketSecurity (https://t.co/rjmrp0fCL0) 📖 ISLE e-learning platform @CMU_Stats 🔭 Scientific computing for the web via @stdlibjs (https://t.co/nJc4oxoUlD)
Jasvir Nagra ✨ @jasvir
1K Followers 702 Following Advisor & builder. Formerly security @dropbox, product @instart & @google, authored Surreptitious Software, TL for Caja. I love good food, fine wine & great JS.
pnpm @pnpmjs
15K Followers 7 Following Fast, disk space efficient package manager 快速且節省磁碟空間的套件管理程式 Sponsor us: on GitHub: https://t.co/cS3OP24kZH on OpenCollective: https://t.co/zyVORTsELN
Shehzad Akbar @shehzadakbar
206 Followers 567 Following Proud Torontonian. Dad. Product and Growth at @clerkdev.
yash @goyashy
650 Followers 324 Following bootstrapping after 8 years of taking boots. courses: https://t.co/X42HzmEHgW ai video editing: https://t.co/dgCXWnnL2f second brain 🧠: https://t.co/d8nIkj9VMF
Arthur | Better Devel.. @Colmeo
238 Followers 228 Following Building https://t.co/plyG021oie . Frontend Software Engineer. Mentor @OCFrance
Ahmad Awais @MrAhmadAwais
47K Followers 2K Following ⌘ CEO & Founder @LangbaseInc // @Google Devs Advisory Board // Award-winning @GitHub Star // Ex VP DX Rapid / Quoted by @SatyaNadella "awesome example for devs"
__abass. @abass_oguntade
115 Followers 807 Following Studying Computer engineering 💻 | Arranging pixels using React ⚛️ | Sometimes writes about React |
jwfu @jwfu
67 Followers 557 Following
:wq @oeiuwq
2K Followers 2K Following soy todos los tigres y todos los borges. paseo detrás de mi piel de barrotes. Norah, una niña, maldijo: Estas hecho para el amor. YES, YES! the tiger is out!
Bjorg (threads.net/bj.. @bjorg
1K Followers 284 Following I do stuff some people care about, but most don't, and that's fine by me! 😉
Stacey Wueste @staceywueste
463 Followers 491 Following Partner @DecibelVC | Creating opptys for early stage founders | Passionate about early adopter customers | Mom to Victoria | Stanford fan
Alessio Fanelli @FanaHOVA
5K Followers 992 Following Cohost @latentspacepod | Partner & CTO @decibelvc | OSS: https://t.co/u4J6NVksoL | Writing: https://t.co/H7iEpzgxWQ
Dan Nguyen-Huu @dannguyenhuu
1K Followers 962 Following partner @DecibelVC prior: @BatteryVentures & @vmware investor: @databricks @SumoLogic @matillion @expelsecurity @contrastsec @runzeroinc @thecubejs @SpecterOps
Mike Hanley @_mph4
3K Followers 664 Following cso and svp engineering @github (prev. @cisco, @duosec, @certcc)
BSidesSF @BSidesSF
6K Followers 421 Following Security BSides San Francisco — Join us May 4-5, 2024!
Zoltan Kochan @ZoltanKochan
4K Followers 760 Following Developer, maker of @pnpmjs Works on dependency management at @bitdev_ #javascript #nodejs
Gaurav Kamathe @kamatheg
84 Followers 4K Following Security, Linux, Malware. Opinions expressed here are my own and not that of my employer
Ecosyste.ms @ecosyste_ms
76 Followers 13 Following Tools and open datasets to support, sustain, and secure critical digital infrastructure
Devdatta Akhawe @frgx
4K Followers 1K Following Engineering @figma. Previously, Dropbox and Berkeley Grad Student. Opinions are my own, and mostly wrong. Him/he. Also on @[email protected]
martin_casado @martin_casado
50K Followers 2K Following GP @ a16z ... questionable heuristics in a grossly underdetermined world
Yoko @stuffyokodraws
5K Followers 1K Following Cartoonist, Engineer, PM, Partner @a16z investing in infra & AI Prev Product lead @HashiCorp, Founding Eng/PM @Transposit. Eng @AppDynamics. Opinions = own.Thank you to @SocketSecurity for sponsoring our Presenter Appreciation Gifts for BSidesSF 2024! bsidessf.org/sponsors #bsidessf #bsidessf2024 #infosec
@ammkrn @SocketSecurity @feross Wuhuu.. Super cool! Thanks for the quick response.
I love how this exposes a bunch of things that start to realize how version ranges etc blow up the potential number of things that can be installed. Lockfiles mitigate this but different variances can occur if they are only top level for example.
Today, we are excited to introduce dependency visualization for reports - get a quick impression of the state of your dependencies without getting lost in the details.
@SamwellHardly @SocketSecurity +בלוג למי שבעניין לחפור עוד socket.dev/blog/how-to-us…
Had a fun chat with @ChrisChinch about Socket and software security – he's an incredible interviewer and made the conversation super fun! chrischinchilla.com/podcast/softwa…
Are you still relying on CVEs to determine if OSS packages are safe? This is starting to look like a REALLY BAD strategy. ⚠️ NVD stopped CVE enrichment for 6 weeks and counting. ~4,000 CVE reports were filed but missing from NVD. (socket.dev/blog/nvd-remai…) ⚠️ Legacy CVE scanners…
I love what @feross and the team @SocketSecurity are doing. Personally, I've used these other tools mentioned in the video and most often do fail to surface known vulnerable packages, in python. While doing an ml model implementation or api deployment, you hope the model or api…
The `xz` package backdoor is just the tip of the iceberg. There's a CONSTANT low-level stream of malware and spyware being uploaded to npm, PyPI, and Go registries. I want to share a few examples from the 20,000+ malicious packages we detected so far:
@feross @SocketSecurity It's almost like you have been.... solving for this? ;)
This will be the most important company in the next decade @SocketSecurity
The `xz` package backdoor is just the tip of the iceberg. There's a CONSTANT low-level stream of malware and spyware being uploaded to npm, PyPI, and Go registries. I want to share a few examples from the 20,000+ malicious packages we detected so far:
@santoshimz @SocketSecurity Supply chain security ki proper solutions levu ga. Noice
@dalmaer @SocketSecurity Haha, yeah... it's almost like that!
The `xz` package backdoor is just the tip of the iceberg. There's a CONSTANT low-level stream of malware and spyware being uploaded to npm, PyPI, and Go registries. I want to share a few examples from the 20,000+ malicious packages we detected so far:
@SocketSecurity Can you add the part where we tried to revert the PR github.com/redis/redis/pu…
I'm really enjoying using @SocketSecurity
🐢🚀 The redesigned nodejs.org is live! - Fresh look - Comprehensive search - New learning resources - APIs & downloads unchanged - Improved contributor DX Stay tuned for more details in upcoming posts. Explore, share, and give us your feedback!
This isn’t great. It’s difficult as is trying to assess vulnerabilities. This is now likely to make it even harder. Hopefully this is only temporary and for a short period.
The NVD stopped enriching CVE's a month ago, and security professionals are raising concerns about this critical gap in metadata. socket.dev/blog/nvd-halts…
If we are connected on LinkedIn you might already know I'm now working at @github! What I haven't shared yet, is that I'm gonna PM @npmjs! I'm reporting to @MylesBorins so you know to reach out if I don't stay classy!
I don't think the average open source user realises how there are huge incentives for supply chain attacks and how much of an arms race it has become to stay one step ahead of the attackers. If it doesn't scare you it takes an advanced LLM to detect malicious code, it should!
🤯 Socket figured out that an attacker's base64 encoded PowerShell / bash command is actually creating a reverse shell LLMs are pretty incredible 🌟
Trends for United States
You might like
