The Changelog: Software Development, Open Source

npm under siege (what to do about it) (Friends)

Listen Later

Over the past two months, we’ve seen some of the most serious supply chain attacks in npm history: phishing campaigns, maintainer account takeovers, and malware published to packages with billions of weekly downloads. What is going on?! What can we do about it? Our old friend, Feross Aboukhadijeh, joins us to help make sense of it all.

Join the discussion

Changelog++ members save 2 minutes on this episode because they made the ads disappear. Join today!

Sponsors:

  • Depot10x faster builds? Yes please. Build faster. Waste less time. Accelerate Docker image builds, and GitHub Actions workflows. Easily integrate with your existing CI provider and dev workflows to save hours of build time.

Featuring:

  • Feross Aboukhadijeh – Website, GitHub, X
  • Jerod Santo – GitHub, LinkedIn, Mastodon, X
  • Adam Stacoviak – Website, GitHub, LinkedIn, Mastodon, X

Show Notes:

  • Active supply chain attack: npm phishing campaign
  • Npm phishing email targets developers with typosquat
  • Nx npm packages compromised in supply chain attack
  • Introducing socket firewall
  • Changelog News Classifieds

    • Something missing or broken? PRs welcome!

    ...more
    View all episodesView all episodes
    Download on the App Store
    The Changelog: Software Development, Open SourceBy Changelog Media
    • 4.7
    • 4.7
    • 4.7
    • 4.7
    • 4.7

    4.7

    285 ratings

    More shows like The Changelog: Software Development, Open Source

    View all
    Software Engineering Radio by se-radio@computer.org

    Software Engineering Radio

    271 Listeners

    Hanselminutes with Scott Hanselman by Scott Hanselman

    Hanselminutes with Scott Hanselman

    380 Listeners

    Software Engineering Daily by Software Engineering Daily

    Software Engineering Daily

    623 Listeners

    Talk Python To Me by Michael Kennedy

    Talk Python To Me

    587 Listeners

    Soft Skills Engineering by Jamison Dance and Dave Smith

    Soft Skills Engineering

    284 Listeners

    Thoughtworks Technology Podcast by Thoughtworks

    Thoughtworks Technology Podcast

    41 Listeners

    Python Bytes by Michael Kennedy and Brian Okken

    Python Bytes

    214 Listeners

    Syntax - Tasty Web Development Treats by Wes Bos & Scott Tolinski - Full Stack JavaScript Web Developers

    Syntax - Tasty Web Development Treats

    984 Listeners

    CoRecursive: Coding Stories by Adam Gordon Bell - Software Developer

    CoRecursive: Coding Stories

    188 Listeners

    Kubernetes Podcast from Google by Abdel Sghiouar, Kaslin Fields

    Kubernetes Podcast from Google

    182 Listeners

    Practical AI by Practical AI LLC

    Practical AI

    211 Listeners

    The Stack Overflow Podcast by The Stack Overflow Podcast

    The Stack Overflow Podcast

    62 Listeners

    The Real Python Podcast by Real Python

    The Real Python Podcast

    141 Listeners

    Oxide and Friends by Oxide Computer Company

    Oxide and Friends

    59 Listeners

    The Pragmatic Engineer by Gergely Orosz

    The Pragmatic Engineer

    65 Listeners