Deep dive into Visual Studio Code extension security vulnerabilities | Snyk
To stay ahead of attackers, we constantly monitor various security threats. One of these threats — supply chain attacks — aims to compromise an organization through its software development process. Recently, a huge spike in supply chain attacks was observed — dependency confusion was discovered, the SolarWinds breach was reported and more malicious packages were flagged. This certainly drew our a
10 best practices to containerize Node.js web applications with Docker | Snyk Blog | Snyk
September 14, 2022: Check out our new and improved cheat sheet for containerizing Node.js web applications with Docker! Are you looking for best practices on how to build Node.js Docker images for your web applications? Then you’ve come to the right place! The following article provides production-grade guidelines for building optimized and secure Node.js Docker images. You’ll find it helpful rega
JavaScript frameworks security report 2019 | Snyk
Welcome to Snyk's State of JavaScript frameworks security report 2019. In this report, we investigate the state of security for both the Angular and React ecosystems. This report by no means intends to venture into any rivalries that may exist between the two in terms of whether one or the other is a true framework - we are not comparing them as competitive frameworks at all. Instead, we review th
Why npm lockfiles can be a security blindspot for injecting malicious modules | Snyk
I recently started playing around with the idea of threat modeling packages on the npm ecosystem. Can an event-stream incident happen again? How about other supply chain attacks? What will be the next vector of attack that we haven’t seen yet and might it be entirely preventable? And then, one day I had a eureka! ? Let me show you how easy it is to introduce back doors that are easily missed by pr
Malicious code found in npm package event-stream downloaded 8 million times in the past 2.5 months | Snyk
A widely used npm package, event-stream, has been found to contain a malicious package named flatmap-stream. This was disclosed via a GitHub issue raised against the source repo. The event-stream package makes creating and working with streams easy, and is very popular, getting roughly 2 million downloads a week. The malicious child package has been downloaded nearly 8 million times since its incl
Introducing experimental integrity policies to Node.js | Snyk
A recent experimental feature for introducing integrity policies landed in Node.js core 11.8.0. This capability, shipped in non LTS version yet, provides integrity checks for a Node.js runtime when modules are being loaded, in order to verify that the modules code haven’t been tampered with. Bradley Farias introduced this change in October 2018 and borrowed the idea from a similar security feature
1
リリース、障害情報などのサービスのお知らせ
最新の人気エントリーの配信
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
A Message from Snyk CEO Peter McKay | Snyk
Explaining the csurf vulnerability: CSRF attacks on all versions | Snyk
Snyk finds 200+ malicious npm packages, including Cobalt Strike dependency confusion attacks | Snyk
7 tips for prioritizing container and web application vulnerabilities | Snyk
Mastering Node.js version management and npm registry sources like a pro | Snyk
84% of all websites are impacted by jQuery XSS vulnerabilities | Snyk
A post-mortem of the malicious event-stream backdoor | Snyk
新横浜密着情報シンヨコのサイト