@Snyk
Automatically find and fix vulnerabilities in your code, open source, and containers. Sign up for free at https://snyk.co/hashnode
4d ago · 9 min read · On March 31, 2026, two malicious versions of axios, the enormously popular JavaScript HTTP client with over 100 million weekly downloads, were briefly published to npm via a compromised maintainer account. The packages contained a hidden dependency t...
Join discussion
Mar 19 · 15 min read · This is the prompt – the whole thing: You are a security reviewer for pull requests. Goal: Detect and clearly explain real vulnerabilities introduced or exposed by this PR. Review only added or modified code unless unchanged code is required to prove...
Join discussion
Mar 6 · 8 min read · AI coding assistants are quietly resurrecting millions of abandoned open source packages. For the last decade, developers relied on a simple heuristic for open source security: Prevalence \= Trust. If a package was downloaded millions of times a week...
Join discussion
Mar 5 · 8 min read · AI coding assistants are quietly resurrecting millions of abandoned open source packages. For the last decade, developers relied on a simple heuristic for open source security: Prevalence \= Trust. If a package was downloaded millions of times a week...
Join discussionFeb 26 · 8 min read · We are witnessing the birth of a new profession in the blend of security engineering and security operations, a discipline that didn't exist five years ago because the systems it protects didn't exist five years ago. As artificial intelligence moves ...
Join discussion