<h1>Security "Lefter than Left": The Key to Avoiding Risky Packages</h1>
<p>Published 2025-09-19 (last modified 2026-01-20) by jennifermc on the JFrog blog (Security and DevSecOps; tag: security-research). Original (German): https://jfrog.com/de/blog/shifting-security-lefter-than-left-is-the-key-to-avoiding-risky-packages/</p>
<p><img decoding="async" class="size-full wp-image-158395 aligncenter" src="https://media.jfrog.com/wp-content/uploads/2025/09/19215812/NPM-pkg_blog_863x300.png" alt="" width="863" height="300" /></p>
<p>With the rapid pace of development in AI, developers today are flooded with an impressive selection of new software packages and groundbreaking tools such as GitHub CoPilot, Sourcegraph, Qodo, Cursor or Goose. These promise enormous gains in the productivity and impact of software development, and the enthusiasm for them keeps growing.</p>
<p>But cyber attackers share this enthusiasm. The adoption of new development resources always outpaces the ability to secure their use, and this gives malicious actors an opportunity to exploit weaknesses without being seriously hindered by strict security controls.</p>
<p>The developer security world has already made great progress in securing open-source software (OSS) dependencies and external components. After all, the majority of vulnerabilities in code bases enter the system through third-party building blocks. But in the AI era, software supply chain risks are growing rapidly, and they are expanding beyond pure software dependencies to developer tools and extensions.</p>
<h2>The largest npm supply chain attack in history hits 20 packages</h2>
<p>On <a href="https://x.com/JFrogSecurity/status/1965427331717009687?s=19">September 8, 2025</a>, a massive software supply chain attack on popular npm packages was discovered. 20 packages with a combined total of over two billion downloads were affected. In this case the attackers injected malicious code to intercept and redirect cryptocurrency transactions. Its enormous reach makes this incident the most extensive supply chain attack in the history of npm to date (a detailed <a href="https://jfrog.com/de/blog/new-compromised-packages-in-largest-npm-attack-in-history/">technical analysis is available on the blog</a> of the JFrog Security Research team). Fortunately, the real-world impact remained minimal despite the 2.5 million downloads of the compromised packages.</p>
<p>Attacks of this kind are becoming more frequent and more sophisticated. Many software companies face a dilemma: either they slow down the speed and productivity of their developers with draconian security measures, or they expose their software supply chain to too much risk through unvetted artifacts, packages and tools.</p>
<p>Relying on developers to manually vet every package or tool is not a workable strategy. What is needed instead is a solution that blocks risky or malicious components right "at the door" and ensures they never enter the software development lifecycle (SDLC) in the first place.</p>
<p>This is the differentiated approach JFrog takes with its Software Supply Chain Security Platform: we shift security even further "left" than conventional shift-left approaches.</p>
<h2>Heading off risk with JFrog Curation</h2>
<p><a href="https://jfrog.com/curation/">JFrog Curation</a> is the solution that lets developers work effortlessly with validated and approved dependencies and packages. It essentially acts as a firewall between your developers and public repositories, ensuring that only vetted OSS dependencies enter your organization's ecosystem.</p>
<p>Curation tracks the OSS packages and models your organization has approved. This policy-based approach to third-party software components creates a win-win for security teams and developers alike.</p>
<p><img decoding="async" class="size-full wp-image-158373 aligncenter" src="https://media.jfrog.com/wp-content/uploads/2025/09/19144859/image1-5.png" alt="FIGURE 1: Creating detailed policies blocking the use of immature packages in Curation" width="1257" height="808" /></p>
<p style="text-align: center;"><em>FIGURE 1: Creating detailed policies in Curation to block immature packages</em></p>
<p>Security benefits massively from Curation. Consider a common scenario: a new version of a package is released, and developers download it immediately to put it to use. "Immature" packages, however, often carry operational risks as well as serious security holes that are typically only discovered within a window of 14 days after release. With Curation, security teams can enforce policies that block new packages based on their age. This gives the security community the time it needs for a thorough review.</p>
<p>One might think that such policies hurt the developer experience (DevEx). After all, blocking a package could bring an entire project to a halt. Curation solves this problem: if the latest packages requested by developers do not meet the requirements of the maturity policy, Curation simply instructs Artifactory to serve the latest compliant version according to your defined policies.</p>
<p>Want to learn in detail how Curation protects your software supply chain from risky packages? <a href="https://jfrog.com/de/platform/schedule-a-demo/"><b>Schedule a session with one of our experts!</b></a></p>