Software security biz Socket has released a free command line tool to defend developers against supply chain attacks.
Socket Firewall Free builds upon the company's safe npm tool by extending scanning capabilities beyond the JavaScript/TypeScript ecosystem to Python and Rust. It integrates with the package management tools for these languages: npm, yarn, and pnpm for JavaScript/TypeScript; pip and uv for Python; and cargo for Rust.
Dale Bustad, staff software engineer at Socket, wrote in a blog post that the compromise of high-profile project maintainer accounts has become increasingly common, citing the attacks affecting open source projects like tinycolor, chalk, nx, and eslint-config-prettier.
"What used to be an occasional outlier is becoming disturbingly common, driven by increasingly sophisticated social engineering