Dark Reading

GitHub Aims to Secure Supply Chain as NPM Hacks Ramp Up

GitHub this week committed to a more secure NPM supply chain in the wake of a handful of attacks causing widespread compromise. On Sept. 22, GitHub senior director of security research Xavier ...
TechRepublic

How GitHub Is Securing the Software Supply Chain

A surge in supply chain attacks has put open-source software risk, prompting GitHub to strengthen security across its npm ecosystem. The company, which operates the world’s largest code repository, is ...
Redmond Magazine

GitHub Expands Copilot to Teams, Strengthens npm Security and Adds Enterprise Usage Tools

GitHub rolled out several updates this week aimed at developer collaboration, open source security and enterprise billing. At the center is a new public preview of the GitHub Copilot app for Microsoft ...
ZDNet

When open-source developers go bad

This isn't the first time a developer deliberately sabotaged their own open-source code. Back in 2016, Azer Koçulu deleted a 17-line npm package called 'left-pad, 'which killed thousands of Node.js ...
Bleeping Computer

Dev corrupts NPM libs 'colors' and 'faker' breaking thousands of apps

Users of popular open-source libraries 'colors' and 'faker' were left stunned after they saw their applications, using these libraries, printing gibberish data and breaking. Some surmised if the NPM ...