What is npm doing to protect the JavaScript ecosystem
Mary Branscombe · 2026-06-16 · via The Stack


npm’s attempts to make package publishing safer haven’t stemmed the relentless supply chain attacks: Are they on the right track?


What is npm doing to protect the JavaScript ecosystem – and is it enough?