Blog Home
npm12 - Thumbnail 203X148 (1)

npm v12’s Biggest Security Change: From Implicit to Explicit Trust
June 18, 2026

For years, installing an npm package has meant trusting that every package in the dependency tree will behave as expected. Whether code originated from the npm registry, a Git repository, a remote URL, or an installation script buried deep within a transitive dependency, npm would typically execute or retrieve it automatically during the installation process. …

Read More
repohunter, ci/cd security, github actions, shai hulud, supply chain attack, cybersecurity, ai, devsecops, vulnerability research, pwn request, open source, ansible, software security

How JFrog’s AI-Research Bot Found OSS CI/CD Vulnerabilities to Prevent Shai Hulud 3.0
March 05, 2026

Recent incidents have proven that Continuous Integration (CI) workflows are the new battleground for software supply chain attacks. Security Pitfalls in GitHub Actions workflows, such as the unsanitized use of pull request (PR) data, can allow attackers to execute malicious code during CI runs with devastating consequences. For example, the high-profile “S1ngularity” attack on the …

Read More

Popular Tags