DEV Community

# supplychain

Posts

Cordyceps and the pipeline attack surface we keep ignoring

3 min read
Why MLCC Lead Times Are Blowing Up in 2026 (And How to Design Around It)

3 min read
Aikido buys Root to patch open source in place, without the upgrade dance

4 min read
The Supply Chain Attack Vector Everyone Is Ignoring in AI Agents

3 min read
GitHub Actions hands fork triggers a read-only cache token

4 min read
CI is the wrong place to first hear about your npm dependencies

3 min read
PostCSS Adopted Staged Publishing. 685M Weekly Downloads Now Gated.

2 min read
How a hacker thinks (and what changes for those who build web products)

4 min read
Cilium publishes its CI hardening playbook, gaps and all

3 min read
SP Page Builder ships a one-file controller patch in 6.6.2, and the locked support thread is a reminder that patching isn't cleanup

6 min read
npm freezes high-impact maintainer accounts for 72 hours after a sensitive change

4 min read
A Rogue Registry in My Own Backyard: Anatomy of a Two-Line Supply Chain Attack

6 min read
What 5 Years on an Amazon Dock Taught Me About Barcodes

2 min read
Homebrew 6.0.0 turns third-party taps into an opt-in trust list

3 min read
Your auth library's maintainer is an agent who never sleeps

5 min read