Socket on HN
39 posts with 10+ points since 2022
Hacker News Posts
| Title | Points | Comments | Date |
|---|---|---|---|
| Shai-Hulud malware attack: Tinycolor and over 40 NPM packages compromised | 1,231 | -- | 2025-09-16 |
| NPM to implement staged publishing after turbulent shift off classic tokens | 205 | -- | 2026-01-07 |
| The Everything NPM Package | 192 | -- | 2024-01-06 |
| Show HN: Socket – Secure your JavaScript supply chain | 133 | -- | 2022-03-01 |
| The push to ban ransom payments is gaining momentum | 127 | -- | 2024-05-22 |
| Social engineering campaign targeting tech employees spreads through NPM malware | 114 | -- | 2023-07-25 |
| Active NPM supply chain attack: Tinycolor and 40 Packages Compromised | 85 | -- | 2025-09-15 |
| German Court Fines Security Researcher for Reporting Company's Vulnerabilities | 77 | -- | 2024-01-23 |
| OpenJS: "XZ Utils Cyberattack Likely Not an Isolated Incident" | 65 | -- | 2024-04-17 |
| What's Going on Inside Your Node_modules Folder? | 64 | -- | 2022-03-02 |
| Chinese devs are storing 1000s of eBooks on GitHub and NPM | 62 | -- | 2022-11-06 |
| Unverified NPM Account Takeover Vulnerability for Sale on Dark Web Forum | 53 | -- | 2024-07-06 |
| Prettier NPM Packages Compromised in Supply Chain Attack | 45 | -- | 2025-07-19 |
| Namecheap Takes Down Polyfill.io Service Following Supply Chain Attack | 42 | -- | 2024-06-26 |
| Curl Project and Go Security Teams Reject CVSS as Broken | 40 | -- | 2025-01-24 |
| AI Hallucinations Are Fueling a New Class of Supply Chain Attacks | 31 | -- | 2025-04-12 |
| Gem.Coop – Community-Run Alternative to Rubygems.org, Led by Former Maintainers | 30 | -- | 2025-10-06 |
| Libxml2 Maintainer Ends Embargoed Vulnerability Reports, Citing Unsustainable | 27 | -- | 2025-06-18 |
| DuckDB NPM Account Compromised in Continuing Supply Chain Attack | 27 | -- | 2025-09-09 |
| Automated Spam Campaign Floods GitHub/NPM with 1000s of Garbage Packages | 25 | -- | 2024-07-12 |
| New Rust RFC Proposes Adding Support for Trusted Publishing to Crates.io | 24 | -- | 2024-09-12 |
| New Proposed CISA Mandate Would Require Critical Infrastructure to Report Ransom | 19 | -- | 2024-03-29 |
| Supply Chain Attack Detected in Solana/Web3.js Library | 17 | -- | 2024-12-03 |
| Go Supply Chain Attack: Malicious Package Exploits Go Module Proxy Caching For | 17 | -- | 2025-02-04 |
| $4.6M Series Seed to defend open source from supply chain attacks | 14 | -- | 2022-05-12 |
| Open Source Maintainers Demand Ability to Block Copilot-Generated Issues and PRs | 14 | -- | 2025-05-20 |
| NPM 'Is' Package Hijacked in Expanding Supply Chain Attack | 14 | -- | 2025-07-22 |
| Socket AI – Scan every NPM and PyPI package for malware with … | 13 | -- | 2023-03-31 |
| Express.js Spam PRs Highlight the Commoditization of Open Source Contributions | 13 | -- | 2024-02-13 |
| Researcher Exposes 0-Day Clickjacking Vulnerabilities in Major Password Managers | 13 | -- | 2025-08-19 |
| Supply Chain Attacks Targeting LLM Application Developers: The Hidden Dangers Of | 12 | -- | 2024-10-24 |
| NIST's New Password Guidelines Will Eliminate Periodic Changes and Special | 11 | -- | 2024-09-26 |
| Threat Actor Exposes Playbook for Exploiting NPM to Build Blockchain-Powered | 11 | -- | 2024-11-19 |
| Socket, an open source supply chain security platform | 11 | -- | 2022-03-01 |
| Typosquatted Go Packages Deliver Malware Loader Targeting Linux and macOS | 11 | -- | 2025-03-04 |
| AI Slop Is Polluting Bug Bounty Platforms with Fake Vulnerability Reports | 11 | -- | 2025-05-07 |
| Wget to Wipeout: Malicious Go Modules Fetch Destructive Payload | 10 | -- | 2025-05-01 |
| Contagious Interview Campaign Escalates with 67 Malicious NPM Packages and New | 10 | -- | 2025-07-14 |
| The GitHub Infrastructure Powering North Korea's Contagious Interview NPM Attack | 10 | -- | 2025-11-29 |