A group of software package maintainers has developed a tool for safeguarding apps built on open source JavaScript libraries. The programme, known as Socket, employs a new, proactive defence against open source software supply chain threats.
When an attacker compromises a package and uses it to distribute malicious code to the apps that depend on it, this is known as a supply chain attack. This strategy is becoming increasingly dangerous, especially as more and more apps rely on open source software components.