Hacker News
Fairwords NPM packages compromised by credential worm stealing tokens and (safedep.io)
2 points by birdculture 13 days ago | past | discuss
Malicious Packages Targeting Strapi Plugin Ecosystem Being Actively Published (safedep.io)
2 points by birdculture 18 days ago | past
Enforcing Dependency Cooldowns with CEL's Now() – Block Recent Package (safedep.io)
1 point by birdculture 18 days ago | past
Axios 1.14.1 and 0.30.4 Compromised via Stolen Maintainer Account on NPM (safedep.io)
8 points by birdculture 21 days ago | past
Compromised telnyx on PyPI (safedep.io)
2 points by jruohonen 22 days ago | past | 1 comment
Team PCP Strikes again – `telnyx` on PyPI gets compromised (safedep.io)
5 points by Sahil121 25 days ago | past
Malicious Litellm 1.82.8: Credential Theft and Persistent Backdoor (safedep.io)
1 point by alokDT 27 days ago | past
The software supply chain has a new problem: AI agents (safedep.io)
5 points by Sudhanshu2310 36 days ago | past
Show HN: External Threat Protection in GitHub Agentic Workflow (safedep.io)
1 point by knlsn 51 days ago | past
Step by Step Analysis of Malicious NPM Package (safedep.io)
1 point by abhisek 59 days ago | past
Agent Skills Threat Model (safedep.io)
3 points by abhisek 86 days ago | past
DarkGPT: Malicious Visual Studio Code Extension Targeting Developers (safedep.io)
2 points by abhisek 4 months ago | past
Curious Case of Embedded Executable in a Newly Introduced Transitive Dependency (safedep.io)
4 points by abhisek 5 months ago | past
NPM Supply Chain Malware with Self-Replicating Behaviour (safedep.io)
2 points by abhisek 7 months ago | past
Tensorflow.js Typosquatting Attack (safedep.io)
1 point by infiniteregrets 8 months ago | past
Tensorflow.js Typosquatting Attack: Malicious Package Targeting AI/ML Developers (safedep.io)
2 points by abhisek 8 months ago | past
Secure Vibe Coding with AI Agents (safedep.io)
2 points by abhisek 8 months ago | past
ESLint-config-prettier was compromised for 24 hours (safedep.io)
2 points by h1fra 9 months ago | past
ESLint-Config-Prettier Compromised (safedep.io)
7 points by danielskogly 9 months ago | past
ESLint-config-prettier: How NPM Package with 30M Downloads Spread Malware (safedep.io)
1 point by abhisek 9 months ago | past
Catching the Silent Threat: How Dynamic Analysis Revealed an NPM Attack Chain (safedep.io)
2 points by abhisek 10 months ago | past
Dynamic Malware Analysis of Open Source Packages at Scale (safedep.io)
8 points by abhisek 11 months ago | past
Malicious NPM Package Impersonating Popular Express Cookie Parser (safedep.io)
3 points by Tomte 12 months ago | past
Show HN: Gitlab CI Component for Vet – Protect CI Pipelines from Vulnerable OSS (safedep.io)
1 point by kunalsin9h on April 2, 2025 | past
Typosquat alert: Malicious NPM Package: NYC-config (safedep.io)
1 point by abhisek on March 17, 2025 | past | 1 comment
Show HN: Eliminating Vulnerability False Positives Through Code Analysis (safedep.io)
1 point by abhisek on March 4, 2025 | past
What Is Next Generation Software Composition Analysis? (safedep.io)
1 point by abhisek on Feb 12, 2025 | past
Malicious NPM Packages Using Burp Collaborator for Dependency Confusion Attack (safedep.io)
1 point by abhisek on Jan 28, 2025 | past
Why Open Source Risks Are Larger Than Only Software Composition Analysis (safedep.io)
2 points by abhisek on Oct 17, 2024 | past
SafeDep Vet - Open Source software supply chain dependency risks (safedep.io)
2 points by madhuakula on March 31, 2023 | past | 2 comments