Tons of users are reporting that their Facebook Create React App builds have been failing since yesterday. The cause has been traced to a dependency used by create-react-app, the latest version of which is ...
When it comes to bugs in your dependencies, there are two main areas that represent a cause for concern – and, to a certain extent, these are two warring forces that can make it difficult for you to ...
The npm Best Practices Guide aims to help JavaScript and TypeScript developers reduce the security risks of using open-source dependencies. The Open Source Security Foundation (OpenSSF) has released ...
Software dependencies, the pieces of software that an application requires to function, are notoriously difficult to manage and constitute a major software supply chain risk. If you're not aware of ...
As poisoned software continues to pop up across the industry, some threat actors have found a way to hide malicious code in npm packages and avoid detection from most security tools. In a blog post ...