Sonatype releases Advanced Development Pack with next-gen DevSecOps intelligence
Fulton, MD – Sonatype, the company that scales DevOps through open source governance and software supply chain automation, today unveils its...
open source
NodeJS malware caught exfiltrating IPs, username, and device information on GitHub
Multiple NodeJS packages laden with malicious code have been spotted on npm registry. These "typosquatting" packages served no purpose other...
20,000 GitHub projects at risk from Node.js ‘standard-version’ library vulnerability
More than 20,000 GitHub projects rely on the Node.js standard-version utility to implement semantic versioning (semver) and for generating CHANGELOG...