The Open Source Security Foundation (OpenSSF) has released the npm Best Practices Guide to help JavaScript and TypeScript developers reduce the security risks associated with using open-source dependencies. The guide, a product of the OpenSSF Best Practices Working Group, focuses on dependency management and supply chain security for npm and covers various areas such as how to set up a secure CI configuration, how to avoid dependency confusion, and how to limit the consequences of a hijacked dependency. The release comes as developers increasingly share and use dependencies which, while contributing to faster development and innovation, can also introduce risks.
More Stories
ICO Warns of Mobile Phone Festive Privacy Snafu
The Information Commissioner’s Office has warned that millions of Brits don’t know how to erase personal data from their old...
Friday Squid Blogging: Squid Sticker
A sticker for your water bottle. Blog moderation policy. Read More
Italy’s Data Protection Watchdog Issues €15m Fine to OpenAI Over ChatGPT Probe
OpenAI must also initiate a six-month public awareness campaign across Italian media, explaining how it processes personal data for AI...
Ukraine’s Security Service Probes GRU-Linked Cyber-Attack on State Registers
The Security Service of Ukraine has accused Russian-linked actors of perpetrating a cyber-attack against the state registers of Ukraine Read...
LockBit Admins Tease a New Ransomware Version
The LockBitSupp persona said LockBit 4.0 will be launched in February 2025 Read More
Webcams and DVRs Vulnerable to HiatusRAT, FBI Warns
The FBI has issued a warning about the Hiatus RAT malware targeting Xiongmai and Hikvision web cameras and DVRs, urging...