News

ZDNet6y
GitHub launches Package Registry to easily generate packages from your code
Code hosting website GitHub announced today a new service for its customers that will allow developers and organizations an easy way to generate "packages" from their code. Packages are specially ...
Ars Technica7mon
Hundreds of code libraries posted to NPM try to install malware on dev machines
An ongoing attack is uploading hundreds of malicious packages to the open source node package manager (NPM) repository in an attempt to infect the devices of developers who rely on code libraries ...
Ars Technica1mon
AI-generated code could be a disaster for the software supply chain. Here’s why.
AI-generated computer code is rife ... third-party libraries, creating a golden opportunity for supply-chain attacks that poison legitimate programs with malicious packages that can steal data ...
Wired1mon
AI Code Hallucinations Increase the Risk of ‘Package Confusion’ Attacks
AI-generated computer code is rife ... third-party libraries, creating a golden opportunity for supply-chain attacks that poison legitimate programs with malicious packages that can steal data ...