Socket on HN

325 posts with 1+ points since 2022

Hacker News Posts
Title Points Comments Date
Shai-Hulud malware attack: Tinycolor and over 40 NPM packages compromised 1,231 -- 2025-09-16
NPM to implement staged publishing after turbulent shift off classic tokens 205 -- 2026-01-07
The Everything NPM Package 192 -- 2024-01-06
Show HN: Socket – Secure your JavaScript supply chain 133 -- 2022-03-01
The push to ban ransom payments is gaining momentum 127 -- 2024-05-22
Social engineering campaign targeting tech employees spreads through NPM malware 114 -- 2023-07-25
Active NPM supply chain attack: Tinycolor and 40 Packages Compromised 85 -- 2025-09-15
German Court Fines Security Researcher for Reporting Company's Vulnerabilities 77 -- 2024-01-23
OpenJS: "XZ Utils Cyberattack Likely Not an Isolated Incident" 65 -- 2024-04-17
What's Going on Inside Your Node_modules Folder? 64 -- 2022-03-02
Chinese devs are storing 1000s of eBooks on GitHub and NPM 62 -- 2022-11-06
Unverified NPM Account Takeover Vulnerability for Sale on Dark Web Forum 53 -- 2024-07-06
Prettier NPM Packages Compromised in Supply Chain Attack 45 -- 2025-07-19
Namecheap Takes Down Polyfill.io Service Following Supply Chain Attack 42 -- 2024-06-26
Curl Project and Go Security Teams Reject CVSS as Broken 40 -- 2025-01-24
AI Hallucinations Are Fueling a New Class of Supply Chain Attacks 31 -- 2025-04-12
Gem.Coop – Community-Run Alternative to Rubygems.org, Led by Former Maintainers 30 -- 2025-10-06
Libxml2 Maintainer Ends Embargoed Vulnerability Reports, Citing Unsustainable 27 -- 2025-06-18
DuckDB NPM Account Compromised in Continuing Supply Chain Attack 27 -- 2025-09-09
Automated Spam Campaign Floods GitHub/NPM with 1000s of Garbage Packages 25 -- 2024-07-12
New Rust RFC Proposes Adding Support for Trusted Publishing to Crates.io 24 -- 2024-09-12
New Proposed CISA Mandate Would Require Critical Infrastructure to Report Ransom 19 -- 2024-03-29
Supply Chain Attack Detected in Solana/Web3.js Library 17 -- 2024-12-03
Go Supply Chain Attack: Malicious Package Exploits Go Module Proxy Caching For 17 -- 2025-02-04
$4.6M Series Seed to defend open source from supply chain attacks 14 -- 2022-05-12
Open Source Maintainers Demand Ability to Block Copilot-Generated Issues and PRs 14 -- 2025-05-20
NPM 'Is' Package Hijacked in Expanding Supply Chain Attack 14 -- 2025-07-22
Socket AI – Scan every NPM and PyPI package for malware with … 13 -- 2023-03-31
Express.js Spam PRs Highlight the Commoditization of Open Source Contributions 13 -- 2024-02-13
Researcher Exposes 0-Day Clickjacking Vulnerabilities in Major Password Managers 13 -- 2025-08-19
Supply Chain Attacks Targeting LLM Application Developers: The Hidden Dangers Of 12 -- 2024-10-24
NIST's New Password Guidelines Will Eliminate Periodic Changes and Special 11 -- 2024-09-26
Threat Actor Exposes Playbook for Exploiting NPM to Build Blockchain-Powered 11 -- 2024-11-19
Socket, an open source supply chain security platform 11 -- 2022-03-01
Typosquatted Go Packages Deliver Malware Loader Targeting Linux and macOS 11 -- 2025-03-04
AI Slop Is Polluting Bug Bounty Platforms with Fake Vulnerability Reports 11 -- 2025-05-07
Wget to Wipeout: Malicious Go Modules Fetch Destructive Payload 10 -- 2025-05-01
Contagious Interview Campaign Escalates with 67 Malicious NPM Packages and New 10 -- 2025-07-14
The GitHub Infrastructure Powering North Korea's Contagious Interview NPM Attack 10 -- 2025-11-29
Redis License Shift Splits Community: Open-Source Contributors Move to Fork 9 -- 2024-03-27
Node.js Community Debate Intensifies over Potentially Unbundling NPM 9 -- 2024-02-08
Free Software Foundation Goes to Bat for AGPL in Amicus Brief Criticizing 9 -- 2025-03-06
"Valkey" Open Source Redis Fork Backed by Linux Foundation, Amazon, Google 8 -- 2024-03-29
Judicious JSON 8 -- 2024-01-04
PyPI Now Supports iOS and Android Wheels for Mobile Python Development 8 -- 2025-02-12
Python Adopts Standard Lock File Format for Reproducible Installs 8 -- 2025-04-01
Rust Support in Socket 8 -- 2025-07-31
New Website "Is It FOSS?" Tracks Transparency in Open Source Distribution 8 -- 2025-08-16
Socket Firewall: Free, Proactive Protection for Your Software Supply 8 -- 2025-09-30
Over 20,000 backdoored NPM, PyPI, and Go packages detected by Socket 7 -- 2024-03-30
North Korean Apt Lazarus Targets Developers with Malicious NPM Package 7 -- 2025-01-30
TC39 advances proposals for RegExp Escaping, Float16Array, Redeclarable vars 7 -- 2025-02-20
.NET Support in Socket 7 -- 2025-04-21
Potemkin Understanding in LLMs: New Study Reveals Flaws in AI Benchmarks 7 -- 2025-07-05
CISA Announces Initiative to Fortify Security of Open Source Package Registries 6 -- 2024-03-07
Linux Foundation Warns Open Source Developers: Compliance with Sanctions Is Not 6 -- 2025-02-07
React Team Updates CRA Migration Guidance After Community Pushback 6 -- 2025-02-19
Deno 2.2 Improves Dependency Management and Expands Node.js Compatibility 6 -- 2025-02-20
Obfuscation 101: Unmasking the Tricks Behind Malicious Code 6 -- 2025-03-28
Repository Labels and Security Policies 6 -- 2025-04-22
The Growing Risk of Malicious Browser Extensions 6 -- 2025-06-13
Django Joins Curl in Pushing Back on AI Slop Security Reports 6 -- 2025-06-30
The Unpaid Backbone of Open Source: Solo Maintainers Face Increasing Security 5 -- 2024-09-23
New Axobject-Query Maintainer Faces Backlash over Controversial Decision To 5 -- 2024-06-25
Researchers Uncover NPM Registry Vulnerability to Cache Poisoning and DoS 5 -- 2024-06-15
Threat Actors Are Abusing GitHub's File Upload Feature to Host Malware 5 -- 2024-04-23
Rubygems.org Adds New Maintainer Role 5 -- 2024-11-13
Packaging Trends in Python: Highlights from the 2023 Developer Survey 5 -- 2024-09-03
Uv: Python's New High-Speed Package Manager Promises to Simplify Tooling 5 -- 2024-08-28
PyPI Slashes Malware Response Time: 90% of Issues Resolved in Under 24 … 5 -- 2024-08-21
Node.js Takes Steps Towards Removing Corepack 5 -- 2024-08-08
Ua-Parser-JS Drops MIT License, Adopts AGPLv3 and Pro Dual Licensing Model 5 -- 2024-06-18
Mobile, Alabama Hospital Refuses to Pay Settlement in Landmark Ransomware Death 5 -- 2024-05-30
NPM Registry Swamped by Bizarre John Wick Frenzy 5 -- 2023-03-30
Sonar to Acquire Tidelift, Scaling Open Source Maintainer Support 5 -- 2024-12-18
CISA Extends Mitre Contract as Crisis Accelerates Alternative CVE Coordination 5 -- 2025-04-16
CISA Rebuffs Funding Concerns as CVE Foundation Draws Criticism 5 -- 2025-04-24
Using Trusted Protocols Against You: Gmail as a C2 Mechanism 5 -- 2025-04-30
NPM targeted by malware campaign mimicking familiar library names 5 -- 2025-05-02
Opengrep Adds Apex Support and New Rule Controls in Latest Updates 5 -- 2025-08-12
Bun 1.2.19 Adds Isolated Installs for Better Monorepo Support 5 -- 2025-07-22
NPM Registry Code Signing 4 -- 2023-04-19
New Research Shows Teams of LLM Agents Can Autonomously Exploit Zero-Day 4 -- 2024-06-11
The Alarming NVD Backlog: Over 50% of Known Exploited Vulnerabilities Await 4 -- 2024-05-24
ESLint Is Now Language-Agnostic: Linting JSON, Markdown, and Beyond 4 -- 2024-10-04
NIST Misses 2024 Deadline to Clear NVD Backlog 4 -- 2024-10-01
3.7M Fake GitHub Stars: A Growing Threat Linked to Scams and Malware 4 -- 2024-08-27
Understanding the Risks of Trivial Packages in Modern Software Projects 4 -- 2024-08-22
Pnpm 9.5 Introduces Catalogs: Shareable Dependency Version Specifiers 4 -- 2024-07-08
OpenSSF Warns of Reputation Farming Leveraging Closed GitHub Issues and PRs 4 -- 2024-06-26
Python Software Foundation Announces 5-Year Sponsorship Commitment from Fastly 4 -- 2024-05-17
SSO 4 -- 2024-04-30
JSR Now in Public Beta, Aims to Shift Community Towards Using ESM … 4 -- 2024-03-05
Hackers are using package managers as vectors for deploying coinminer malware 4 -- 2024-01-05
“Safe NPM” – NPM wrapper to protect developers from malware 4 -- 2023-03-16
NPM 'bin' script confusion can override NPM/node commands 4 -- 2022-10-21
Malicious NPM Packages Inject SSH Backdoors via Typosquatted Libraries 4 -- 2024-11-22
Stanford Study Finds 9.5% of Engineers Do Almost Nothing 4 -- 2024-11-27
Malicious Maven Package Impersonating 'XZ for Java' Library Introduces Backdoor 4 -- 2024-12-06
Supply Chain Attack on NPM Packages Injects Cryptojacking Malware 4 -- 2024-12-19
PyPI on Ultralytics Supply Chain Attack: Poor CI/CD Practices to Blame, No 4 -- 2024-12-14
The Business of Ransomware: Insights from Reddit AMA with Ransomware 4 -- 2024-12-17
Quasar Rat Disguised as an NPM Package for Detecting Vulnerabilities in Ethereum 4 -- 2024-12-20
Gmail for Exfiltration: Malicious NPM Packages Target Solana Private Keys and 4 -- 2025-01-08
Bun 1.2 Released with 90% Node.js Compatibility and Built-In S3 Object Support 4 -- 2025-01-22
Opengrep Emerges as Open Source Alternative Amid Semgrep Licensing Controversy 4 -- 2025-01-28
New PyPI Malware 'Set-Utils' Exfiltrates Ethereum Private Keys Through 4 -- 2025-03-05
Bybit Hack Puts Crypto Losses at $1.6B, Surpassing All of Last Year … 4 -- 2025-03-04
Go Support Is Now Generally Available 4 -- 2025-04-17
Vlt Launches Real-Time Dependency Analysis Powered by Socket 4 -- 2025-04-17
Oxlint Now in Beta with 500 Built-In Rules and 2X Faster JavaScript … 4 -- 2025-03-18
Node.js Homepage Adds Paid Support Link, Prompting Contributor Pushback 4 -- 2025-06-26
ECMAScript 2025 Finalized with Iterator Helpers, Set Methods, RegExp.escape, and 4 -- 2025-06-29
Protestware in JavaScript UI Toolkits on NPM Target Russian Language Sites 4 -- 2025-06-19
Node.js Moves Toward Stable TypeScript Support with Amaro 1.0 4 -- 2025-06-11
Malicious Koishi Chatbot Plugin Exfiltrates Messages Triggered by 8-Character 4 -- 2025-05-19
NPM Author Qix Compromised via Phishing Email 4 -- 2025-09-08
Surveillance Malware Hidden in NPM and PyPI Packages Targets Developers With 4 -- 2025-07-23
Rust Support Now in Beta 4 -- 2025-09-11
Nx Investigation Reveals GitHub Actions Workflow Exploit Led to NPM Token Theft 4 -- 2025-09-03
Rspack Introduces Rslint, a TypeScript-First Linter Written in Go 4 -- 2025-08-20
Oxlint Introduces Type-Aware Linting Preview 4 -- 2025-08-18
Knip Hits 500 Releases with v5.62.0, Improving TypeScript Config Detection and 4 -- 2025-07-18
Socket secures $40M to combat next-generation software supply chain attacks 3 -- 2024-10-22
2023 State of JavaScript Survey Highlights: Vite Dominates, TypeScript Adoption 3 -- 2024-06-23
Malicious NPM Package Exploits WhatsApp Authentication with Remote Kill Switch 3 -- 2024-11-15
NPM Malware Campaign Leverages Ethereum Smart Contracts to Evade 3 -- 2024-11-01
Dutch National Police Disrupt Redline and Meta Malware Operations 3 -- 2024-10-29
Ruby Support in Socket 3 -- 2024-10-21
Socket Optimize – CLI to override dependencies with tested, optimized versions 3 -- 2024-10-16
Typosquatting on PyPI: Malicious Package Mimics Popular 'Browser-Cookie3' 3 -- 2024-10-11
White House Cybersecurity Advisor Calls for Ban on Using Insurance Claims For 3 -- 2024-10-08
Cloudflare Adds Security.txt Setup Wizard 3 -- 2024-09-30
Malicious "express-dompurify" NPM Package Steals Browser and Cryptocurrency 3 -- 2024-09-27
Enisa 2024 Threat Landscape Report Warns of Increasing State-Sponsored Supply 3 -- 2024-09-27
Highlights from the 2024 Rails Community Survey 3 -- 2024-09-25
Combatting Alert Fatigue by Prioritizing Malicious Intent 3 -- 2024-09-23
Understanding License Exceptions: What Developers Need to Know 3 -- 2024-09-20
Developer Accuses Tencent of Copyright Violation After Python Utility's License 3 -- 2024-09-18
The Socket Python SDK 3 -- 2024-09-13
Python Software Foundation Expands CNA Scope to Include Pallets Projects 3 -- 2024-09-09
Developers Burned by Elasticsearch's License Change Aren't Going Back, Despite 3 -- 2024-09-06
Socket Protects Against Revival Hijacking Attacks on PyPI 3 -- 2024-09-06
Dashboard Analytics 3 -- 2024-09-05
OpenSSF 75% of New Developers Lack Secure Software Skills Amid Rising 3 -- 2024-09-03
Malicious 'Akiraa-Wb' NPM Package Exfiltrates Files to External Services Via 3 -- 2024-08-20
Node.js Doubles Security Releases with Newly Automated Process, Re-Evaluates 3 -- 2024-08-17
New Socket Web Extension, Take Socket with You 3 -- 2024-08-14
New Default Security Policies 3 -- 2024-08-14
White House Report Highlights Persistent Challenges and Urgent Needs in Open 3 -- 2024-08-13
Adoption of Trusted Publishers Growing Among Open Source Package Repositories 3 -- 2024-08-06
Node-IP Maintainer Restores GitHub Repo After Archiving Due to Overblown CVE 3 -- 2024-07-11
DOJ Cracks Down on Federal Contractors for Failing to Meet Cybersecurity 3 -- 2024-06-19
TC39 June 2024 Meeting Roundup: 8 Proposals Advanced to Next Stages 3 -- 2024-06-13
Trojan Embedded in Crytic-Compilers Python Package Targets Blockchain Utility 3 -- 2024-06-05
NIST Announces Major Contract to Clear NVD Backlog by September 3 -- 2024-06-04
ESLint Approves RFC to Add Support for TypeScript Config Files 3 -- 2024-05-25
OSI to Lead Discussions on Navigating the Challenges of Doing Business with … 3 -- 2024-04-12
Node.js TSC Confirms: No Intention to Remove NPM from Distribution 3 -- 2024-03-22
NVD Halts CVE Enrichment 3 -- 2024-03-19
OpenJS Launches New Collaboration to Improve Interoperability of JavaScript 3 -- 2024-02-27
JSR: What We Know So Far About Deno's New JavaScript Package Registry 3 -- 2024-02-24
Socket Organization Alerts: View Dependency Security Risks Across All Repos 3 -- 2023-12-21
Surge in Cyberattacks Activity Against Financial Services Industry 3 -- 2023-12-01
Risky Business Podcast: Why Open Source Software Needs Better Malware Tracking 3 -- 2024-11-20
Malicious NPM Package Typosquats Popular TypeScript ESLint Plugin, Exfiltrates 3 -- 2024-12-11
Malicious NPM Campaign Targets Ethereum Developers with Fake Hardhat Packages 3 -- 2025-01-03
Weaponizing OAST: Malicious Packages Exploit NPM, PyPI, and RubyGems 3 -- 2025-01-04
Fluent Assertions Faces Backlash After Abandoning Open Source Licensing 3 -- 2025-01-20
PyPI's New Archival Feature Closes a Major Security Gap 3 -- 2025-01-30
Node.js EOL Versions CVE Dubbed the Worst CVE of the Year by … 3 -- 2025-01-24
Malicious PyPI Package 'Pycord-Self' Targets Discord Developers with Token Theft 3 -- 2025-01-16
Malicious PyPI Package Exploits Deezer API for Coordinated Music Piracy 3 -- 2025-02-26
Create React App Officially Deprecated Amid React 19 Compatibility Issues 3 -- 2025-02-11
Maven Central Adds Sigstore Signature Validation 3 -- 2025-02-06
Tick Tock, Your Credentials Are Gone: The Maven Package with a Monthly … 3 -- 2025-03-14
The Pair Program Podcast: Feross Aboukhadijeh on Preserving Trust in Open Source 3 -- 2025-03-10
OpenSSF Launches Open Source Project Security Baseline to Strengthen Software 3 -- 2025-02-28
A New Overview in Our Dashboard 3 -- 2025-04-29
Module Reachability: Focus on the Vulnerabilities That Matter 3 -- 2025-04-23
The Bad Seeds: Malicious NPM and PyPI Packages Pose as Developer Tools … 3 -- 2025-04-22
Malicious NPM Package Disguised as Advcash Integration Triggers Reverse Shell 3 -- 2025-04-14
Malicious PyPI Package Targets WooCommerce Stores with Automated Carding Attacks 3 -- 2025-04-03
OpenGrep Restores Fingerprinting in JSON and Sarif Outputs 3 -- 2025-03-31
NVD Concedes Inability to Keep Pace with Surging CVE Disclosures in 2025 3 -- 2025-03-28
GitHub Actions Supply Chain Attack Puts Projects at Risk 3 -- 2025-03-17
Backdooring the IDE: Malicious NPM Packages Hijack Cursor Editor on macOS 3 -- 2025-05-10
Malicious NPM Packages Use Telegram to Exfiltrate BullX Credentials 3 -- 2025-05-08
Malicious 'Checker' Packages on PyPI Probe TikTok and Instagram for Valid 3 -- 2025-05-15
Malicious Python Package Typosquats Popular Passlib Library, Shuts Down Windows 3 -- 2025-06-24
Pnpm 10.12 Introduces Global Virtual Store and Expanded Version Catalogs 3 -- 2025-06-11
Malicious Ruby Gems Exfiltrate Telegram Tokens, Messages Following Vietnam Ban 3 -- 2025-06-03
Malicious NPM Package Wipes Codebases with Remote Trigger 3 -- 2025-05-30
Malicious NPM Packages 3 -- 2025-05-26
Crates.io Implements Trusted Publishing Support 3 -- 2025-07-16
Socket at Black Hat and DEF Con 2025 in Las Vegas 3 -- 2025-07-13
Browserslist-Rs Gets Major Refactor, Cutting Binary Size by over 1MB 3 -- 2025-07-04
Rv Is a New Rust-Powered Ruby Version Manager Inspired by Python's Uv 3 -- 2025-09-05
Nx NPM Packages Compromised in Supply Chain Attack Weaponizing AI CLI Tools 3 -- 2025-08-27
Astral Launches Pyx: A Python-Native Package Registry 3 -- 2025-08-14
Identifying and Preventing Fraudulent Engineering Candidates: An Investigation 3 -- 2025-09-17
Tier 1 Reachability: Precision CVE Triage for Enterprise Teams 3 -- 2025-09-09
Wallet-Draining NPM Package Impersonates Nodemailer to Hijack Crypto 3 -- 2025-08-29
Malicious Go Module Disguised as SSH Brute Forcer Exfiltrates Credentials Via 3 -- 2025-08-21
Malicious Ruby Gems Used in Targeted Credential Theft Campaign 3 -- 2025-08-08
TC39 Advances 11 Proposals for Math Precision, Binary APIs, and More 3 -- 2025-08-06
NPM Phishing Email Targets Developers with Typosquatted Domain 3 -- 2025-07-27
Toptal's GitHub Organization Hijacked: 10 Malicious Packages Published 3 -- 2025-07-23
Is Running Random Code from NPM Safe? 2 -- 2024-01-03
The AI Advantage: Reshaping Cybersecurity in the Age of Autonomous Threats 2 -- 2024-04-25
GitHub Activates Push Protection by Default After Detecting over 1M 2 -- 2024-03-04
The biggest package on npm is 5.96 GB 2 -- 2024-01-10
Socket now supports the Go programming language 2 -- 2023-08-02
Show HN: Protect your Python app from an OSS supply chain attack 2 -- 2023-03-01
GitHub Removes Malicious Pull Requests Targeting Open Source Repositories 2 -- 2024-11-13
Node.js Implements Stricter Policies for Semver-Major Pull Requests Ahead Of 2 -- 2024-11-08
Socket Recognized for Second Consecutive Year on Fortune Cyber 60 List 2 -- 2024-10-30
Noxia: Emerging Dark Web Hosting Provider Targets Python, Node.js, Go, and Rust 2 -- 2024-10-23
License Enforcement in Socket 2 -- 2024-10-17
Nightmares on NPM: How 2 Malicious Packages Facilitate Data Theft and Destruction 2 -- 2024-10-10
TC39 Advances 10 ECMAScript Proposals: Key Features to Watch 2 -- 2024-10-09
A Large-Scale Campaign to Artificially Boost Discord Server Metrics 2 -- 2024-10-04
Mitre Marks Major Milestone, Minting 400 CNAs as NVD Backlog Grows 2 -- 2024-08-14
Understanding the Security Concerns of NPM Shrinkwrap 2 -- 2024-08-09
Squarespace Domain Hijacks Enabled by Email Address Exploit on Migrated Accounts 2 -- 2024-07-16
Cyber Extortion Demands Skyrocket in 2023 While Fewer Companies Pay Ransoms 2 -- 2024-06-13
TC39 Advances Key Proposals: Deferred Import Evaluation, Error.isError(), RegExp 2 -- 2024-06-12
White House to Tackle Cybersecurity Regulation Fragmentation: CISOs Spend Up To 2 -- 2024-06-06
New Report Warns of LLM-Enhanced Cyber Threats: Polymorphic Malware, Customer 2 -- 2024-05-29
SEC Cracks Down on Unreported Data Breaches with New 30-Day Disclosure 2 -- 2024-05-21
LDAPjs Open Source Project Decommissioned After Maintainer Receives Abusive 2 -- 2024-05-17
CISA Launches Vulnrichment Project as NVD Backlog Hits 10k 2 -- 2024-05-10
Socket Partners with CISA to Champion 'Secure by Design' Standards 2 -- 2024-05-09
Risky Biz Podcast: How Shifts in Open Source Made It a Prime … 2 -- 2024-05-01
NPM Package for ReExt React Components Library Exfiltrates Git Credentials 2 -- 2024-04-18
Connect with Socket at RSA and BSidesSF 2024 2 -- 2024-04-15
Major Open Source Foundations Form Initiative Aimed at Building CRA-Compliant 2 -- 2024-04-04
Software Supply Chain Compromise Now the Top Threat of the Next Half … 2 -- 2024-04-02
How to Use Socket to Find Out If You Were Affected by … 2 -- 2024-03-31
Enhanced Security Scanning with Improved AI Alert Defaults 2 -- 2024-03-25
Alphv/BlackCat Fakes Law Enforcement Takedown to Scam Affiliates 2 -- 2024-03-06
Judicious JSON – Ultimate Guide to JSON 2 -- 2024-03-01
U.S. Sanctions LockBit Ransomware Affiliates, Law Enforcement Seizes Operations 2 -- 2024-02-22
Malicious NPM Package Targeting Roblox Users for Data Theft 2 -- 2024-02-06
$20M Series A to Secure Open Source Software 2 -- 2024-01-09
Blackcat Ransomware Escalates Hostility Following FBI Release of Decryption Tool 2 -- 2023-12-21
Ledger Connect-Kit Supply Chain Attack Hits Decentralized Crypto Apps 2 -- 2023-12-14
The "Skeleton Squad" is targeting NPM 2 -- 2023-12-03
The Socket Web Extension 2 -- 2023-08-01
Limitations of CVE Security Scanners: Deep Dive into 3 Supply Chain Attacks 2 -- 2023-07-10
NPM Manifest Confusion: How Socket Protects You 2 -- 2023-06-27
What we learned building an NPM CLI wrapper 2 -- 2023-04-11
Let's Make JavaScript RegExps Streamy 2 -- 2023-02-17
Socket for GitHub 1.0 2 -- 2022-06-15
Input Validation Vulnerabilities Dominate MITRE's 2024 CWE Top List 2 -- 2024-11-22
NPM Updates Search Experience with New Objective Sorting Options 2 -- 2024-12-05
Typosquatting Cryptographic Libraries: Malicious NPM Packages Threaten Crypto 2 -- 2024-12-01
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on NPM 2 -- 2024-12-12
Kill Switch Hidden in NPM Packages Typosquatting Chalk and Chokidar 2 -- 2025-01-13
Pnpm 10.0.0 Blocks Lifecycle Scripts by Default 2 -- 2025-01-10
Socket Now Supports Uv.lock Files 2 -- 2025-01-09
New Python Packaging Proposal Aims to Solve Phantom Dependency Problem With 2 -- 2025-01-07
The Cyber Security Council Podcast: Securing Modern Applications in A 2 -- 2025-01-06
Socket Joins TC54 to Help Shape the Future of SBOMs, CycloneDX, and … 2 -- 2025-01-31
Outgoing Biden Administration Issues Sweeping Executive Order on AI-Driven 2 -- 2025-01-22
UK Officials Consider Banning Ransomware Payments from Public Entities 2 -- 2025-01-16
38% of CISOs Fear They're Not Moving Fast Enough on AI 2 -- 2025-02-04
Socket and Seal Security Collaborate to Fix Critical NPM Overrides Bug 2 -- 2025-03-12
Opengrep Launches Playground in Alpha: A Faster, More Stable Environment For 2 -- 2025-03-07
Michigan TypeScript Founder Successfully Runs Doom Inside TypeScript's Type 2 -- 2025-02-28
Historical Analytics – Now in Beta 2 -- 2025-04-24
Turtles, Clams, and Cyber Threat Actors: Shell Usage 2 -- 2025-04-11
VulnCon 2025: NVD Scraps Industry Consortium Plan, Raising Questions About 2 -- 2025-04-11
A New Design for GitHub PR Comments 2 -- 2025-04-10
Safari 18.4 Ships 3 New JavaScript Features from the TC39 Pipeline 2 -- 2025-04-04
The Socket Team at RSAC and BSidesSF 2025 2 -- 2025-03-27
Node.js TSC Votes to Stop Distributing Corepack 2 -- 2025-03-19
Black Basta's Dependency Confusion Ambitions and Ransomware in Open Source 2 -- 2025-03-19
North Korean Contagious Interview Campaign Drops 35 New Malicious NPM Packages 2 -- 2025-06-25
2025 Blockchain and Cryptocurrency Threat Malware in the Open Source 2 -- 2025-06-12
NIST Under Federal Audit for NVD Processing Backlog and Delays 2 -- 2025-05-27
Node.js TSC Declines to Endorse Feature Bounty Program 2 -- 2025-05-15
The Landscape of Malicious Open Source Packages: 2025 Mid‑Year Threat Report 2 -- 2025-05-14
Tracking Protestware Spread: 28 NPM Packages Affected by Payload Targeting 2 -- 2025-07-16
Malicious NPM Packages Impersonate Flashbots SDKs, Targeting Ethereum Wallet 2 -- 2025-09-05
Static vs. Runtime Reachability: Insights from Latio's on the Record Podcast 2 -- 2025-08-13
Precomputed Reachability Analysis in Socket 2 -- 2025-07-30
Socket Now Protects the Chrome Extension Ecosystem 2 -- 2025-07-30
Socket MCP for Claude Desktop 2 -- 2025-07-29
UnitedHealth Group Discloses Protected Health Information Compromised For 1 -- 2024-04-24
New Tea.xyz Crypto Spam Targets Open Source Projects on GitHub 1 -- 2024-03-06
2023 Ransomware Trends: Rising Ransom Payments Drive Demand for Cyber Insurance 1 -- 2023-12-11
Recent Trends in Malicious Packages Targeting Discord 1 -- 2024-05-08
AI and A16Z Podcast: Combatting Modern Supply Chain Attacks with AI 1 -- 2024-05-07
NIST Drafts New Security Framework to Tackle Emerging Risks of Generative AI 1 -- 2024-05-03
The Dark Side of Open Source 1 -- 2024-04-19
Dependency Visualization: An Interactive Way to See Dependencies At 1 -- 2024-04-11
Chinchilla Squeaks Podcast: Modern Solutions for Securing Software Supply Chains 1 -- 2024-04-09
NVD Remains Stalled on Enriching CVE's, Security Industry Criticizes NIST's 1 -- 2024-04-03
U.S. Government Budget Proposal Seeks Major Increase to Cybersecurity Funding In 1 -- 2024-03-14
Node Congress Speaker Showcase: Interview with Feross Aboukhadijeh 1 -- 2024-03-08
Interview on the Daytona DotFiles Insider Blog 1 -- 2024-02-28
LockBit Dubbed "Cyber Crime Unicorn" After Reports Estimate $1B+ in Stolen Funds 1 -- 2024-02-27
Protect Your Projects from the Risks of Deprecated NPM Packages 1 -- 2024-02-01
A Short History of Protestware 1 -- 2024-01-16
'Blank Grabber' Python Package Steals Info from Discord and Telegram 1 -- 2024-01-09
Orbit Bridge Hackers Drain $81M in Crypto Assets 1 -- 2024-01-04
Socket CLI v0.9.0 Now Available 1 -- 2023-12-04
Socket Combats Insidious Typosquatting Supply Chain Attacks 1 -- 2023-11-30
Using LLMs for Analysis and Explanation in Software Supply Chain Security 1 -- 2023-10-26
Dependency Divergence GitHub Action 1 -- 2023-10-25
Unveiling the Dangers of the “AnyDesk-Malcom” Malicious Python Package 1 -- 2023-08-24
Cleaning up import paths in JavaScript/TS packages 1 -- 2023-08-16
Go Support 1 -- 2023-08-02
Socket at Black Hat and DEF Con 2023 1 -- 2023-07-20
Why Your SCA Tool Sucks 1 -- 2023-06-26
Show HN: Socket Dependency Overview – Get Clarity over Your Dependencies 1 -- 2023-03-27
What’s in your NPM stat counter? A love doll store–we hope not 1 -- 2022-10-24
Socket – Finer-grained check runs, new config options, improved reliability 1 -- 2022-07-27
Pixi/runner – simple alternative to events and signals, emphasizing performance 1 -- 2022-07-10
Every NPM package, sorted alphabetically by name 1 -- 2022-06-23
Oracle Drags Its Feet in the JavaScript Trademark Dispute 1 -- 2025-02-07
Python Tools Are Quickly Adopting the New pylock.toml Standard 1 -- 2025-06-24
Open Source Maintainers Feeling the Weight of the EU's Cyber Resilience Act 1 -- 2025-07-17
Feross on Risky Business Weekly Podcast: NPM's Ongoing Supply Chain Attacks 1 -- 2025-09-10