… What to expect in the coming months In late 2025 the Shai-Hulud attacks motivated a revamped security roadmap for npm, which we talked about in Our plan for a more secure npm supply chain and Strengthening supply chain security: Preparing for the next malware campaign . …
… Strengthening supply chain security: Preparing for the next malware campaign Security advice for users and maintainers to help reduce the impact of the next supply chain malware attack. …
… Security Securing the open source supply chain across GitHub Recent attacks on open source focus on exfiltrating secrets; here are the prevention steps you can take today, plus a look at the security capabilities GitHub is working on.
… Security Securing the open source supply chain across GitHub Recent attacks on open source focus on exfiltrating secrets; here are the prevention steps you can take today, plus a look at the security capabilities GitHub is working on.