npm
The most widely used online repository for Node.js projects.
-
Understanding and Preventing Manifest Confusion
A primer on manifest confusion vulnerability in npm
Read morePublished by Garnet Research (@research)
By- Date
- Reading time
- · 5 min
-
Spam-pm: Investigating the Spam Invasion of npm
A deep dive into escalating spam problem on npm, and exploring the registry's unwanted guests.
Read morePublished by Garnet Research (@research)
By- Date
- Reading time
- · 7 min
-
From Confusion to Compromise: Dependency Confusion Attacks
A primer on dependency confusion attacks
Read morePublished by Garnet Research (@research)
By- Date
- Reading time
- · 4 min
-
Super Dependence In Modern Software
A primer on transitive dependencies in open source software and how it results in super dependence.
Read morePublished by Farrukh Jadoon (@fkj) and Umar Sikander (@us)
By and- Date
- Reading time
- · 9 min
-
All your domains are belong to us
Let's discuss one of the most underrated but effective attack vectors: using expiring domains to take over npm packages.
Read morePublished by Garnet Research (@research)
By- Date
- Reading time
- · 9 min
-
The worst fear of a JavaScript developer
A discussion on the risks of transitive dependencies in JavaScript.
Read morePublished by Farrukh Jadoon (@fkj) and Umar Sikander (@us)
By and- Date
- Reading time
- · 7 min
