-
At @agoric, we’ve begun investigating how compatible CosmJS is with [SES](https://github.com/Agoric/SES-shim/tree/master/packages/ses#secure-ecmascript-ses) such that projects using CosmJS can use too…
-
I'm a Cyber Security researcher and developer of PackjGuard [1] to address open-source software supply chain attacks.
# Issue
During my research, I detected a _deleted package_ in this repository.
…
-
Hi Team,
on running the command:
docker run --rm ossillate/packj audit -p pypi:requests
I get the following error.
"Failed to dump json content to file /tmp/packj_audit_4414d88z/report_zw4uc_a…
-
# Background
There is currently an ongoing discussion about how to incorporate a new form of user account in Orion, and then later Atlas, which does not require the user to have an external signer …
-
**Describe what's wrong**
Hope you all are well!
This is long overdue, but I only discovered this recently.
polyfill.io is a polyfill service that [we use on every page](https://github.com/codeths/…
-
Looking at the `package.json` has led me to the following findings:
```
`package.json`, dependency versions are vulnerable to supply-chain attacks:
- barely-patched in 8.1.1, semi-patched in 10.1.3…
```
-
### What would you like to be added?
Please add [SLSA provenance](https://slsa.dev/) to your releases.
It is easy to do on GitHub:
https://github.com/slsa-framework/slsa-github-generator/blo…
-
### Description
This is not a FR, but it's also not a bug report...
Really cool to see the work on this. I've been thinking on risks of exploiting the supply chain when discovery is used.
Note: …
-
Posture:
* https://www.googlecloudcommunity.com/gc/Community-Blog/Monitoring-for-Suspicious-GitHub-Activity-with-Google-Security/ba-p/763610
* https://sharpletters.net/2023/02/26/examining-github-se…
-
### Describe the problem
Right now, a Tauri project contains +400 to +700 packages, not counting the frontend packages which bring this number even further up. See the dependency graph below of simpl…