


🚨 Emergency DevSec Station drop.
There's an active npm supply chain attack happening right now. Compromised packages are stealing SSH keys, AWS credentials, GitHub tokens, browser passwords, and crypto wallets on install. They then use your publish token to infect every package you maintain.
One command can protect you immediately: npm config set ignore-scripts true
Do it today, please. Tell your team. Watch the full 60 seconds.
#AppSec #SupplyChainSecurity #DevSecOps #SecureCoding #npm
By Tanya Janca | SheHacksPurple