DEV Community

# supplychain

Posts

đź‘‹ Sign in for the ability to sort posts by relevant, latest, or top.
161 verified AI package hallucinations across 8.5M indexed — open dataset
depscope profile

161 verified AI package hallucinations across 8.5M indexed — open dataset

#ai #security #supplychain #mcp
Comments
4 min read
Four MCP packages, four ways the supply chain shifted in two weeks of npm monitoring
michael_onyekwere profile

Four MCP packages, four ways the supply chain shifted in two weeks of npm monitoring

#security #supplychain #mcp #npm
Comments
7 min read
Slopsquatting in Python: What 205,474 Hallucinated Package Names Mean for Your Supply Chain
duriantaco profile

Slopsquatting in Python: What 205,474 Hallucinated Package Names Mean for Your Supply Chain

#python #security #ai #supplychain
Comments
8 min read
I built chainscope: reading supply chain attacks across 6 surfaces, one slide at a time
kanywst profile
kt

I built chainscope: reading supply chain attacks across 6 surfaces, one slide at a time

#showdev #security #supplychain
Comments
7 min read
SLSA Provenance Hands-on: Generate with GitHub Actions, Verify with slsa-verifier
kanywst profile
kt

SLSA Provenance Hands-on: Generate with GitHub Actions, Verify with slsa-verifier

#security #supplychain #slsa #sigstore
Comments
11 min read
Why Did Docker Abandon TUF?: A Turbulent History of Container Signing
kanywst profile
kt

Why Did Docker Abandon TUF?: A Turbulent History of Container Signing

#security #docker #supplychain #sigstore
2
Comments
10 min read
The Anthropic SDK Looks Safe. Two of Its Transitive Dependencies Are Not.
piiiico profile
Pico

The Anthropic SDK Looks Safe. Two of Its Transitive Dependencies Are Not.

#security #npm #javascript #supplychain
Comments
3 min read
Two Types of npm Supply Chain Attack: What Catches Each
piiiico profile
Pico

Two Types of npm Supply Chain Attack: What Catches Each

#npm #security #supplychain #javascript
Comments
5 min read
The Dependency Avalanche: 644 Strangers in Your package.json
vivian-voss profile

The Dependency Avalanche: 644 Strangers in Your package.json

#supplychain #opensource #freebsd #security
Comments
6 min read
572K Weekly Downloads, One Preinstall Script: The SAP CAP Supply Chain Attack Your AI Agent Would Have Missed
toniantunovic profile

572K Weekly Downloads, One Preinstall Script: The SAP CAP Supply Chain Attack Your AI Agent Would Have Missed

#security #npm #supplychain #devops
1
Comments
3 min read
Continuous monitoring caught a credential leak in a published MCP package. Six republishes later, it is still there.
michael_onyekwere profile

Continuous monitoring caught a credential leak in a published MCP package. Six republishes later, it is still there.

#security #supplychain #mcp #npm
Comments
7 min read
Supply Chain Attacks Targeting Bitwarden CLI and How to Defend
logiqode profile

Supply Chain Attacks Targeting Bitwarden CLI and How to Defend

#security #npm #supplychain #devops
Comments
5 min read
Vercel OAuth Compromise via Context.ai: Timeline, IOCs, and Remediation
cyberxyzsecurity profile

Vercel OAuth Compromise via Context.ai: Timeline, IOCs, and Remediation

#security #supplychain #vercel #devops
Comments
4 min read
The EU Is Forcing User-Replaceable Phone Batteries. There's a Loophole Apple Is Already Using.
alanwest profile

The EU Is Forcing User-Replaceable Phone Batteries. There's a Loophole Apple Is Already Using.

#righttorepair #euregulation #mobilehardware #supplychain
1
Comments
4 min read
Slopsquatting: The AI Supply Chain Attack Vector You Are Not Monitoring
danieljglover profile

Slopsquatting: The AI Supply Chain Attack Vector You Are Not Monitoring

#security #ai #supplychain
Comments
6 min read
đź‘‹ Sign in for the ability to sort posts by relevant, latest, or top.