May 2 · 9 min read · On March 26, 2026, security researchers at Socket.dev flagged anomalous publishing activity across dozens of npm packages. Within hours, the scope of the incident became clear: a threat actor operating under the handle TeamPCP had compromised a singl...
Apr 7 · 6 min read · Securing your software supply chain: why dependency management is your biggest security blind spot Modern applications depend on hundreds or thousands of external packages, each representing code written by others but running with your application's ...
Feb 20 · 5 min read · Originally published on satyamrastogi.com Threat actors compromised Cline's NPM package v2.3.0, installing OpenClaw malware on 4,000+ systems. Analysis reveals sophisticated supply chain poisoning techniques and detection strategies for defenders. ...
Feb 17 · 4 min read · How to Protect Your Code Repository from Supply Chain Attacks in 2026 Supply chain attacks have become the most dangerous threat facing developers. In 2025 alone, over 700,000 malicious packages were detected across npm, PyPI, and other registries. T...
Jun 2, 2025 · 3 min read · The discovery of malicious npm packages like xlsx-to-json-lh—a six-year-old typosquatting artifact mimicking the legitimate xlsx-to-json-lc—alongside broader campaigns involving 60+ packages, underscores systemic vulnerabilities in npm's security mod...