Skip to content

Malicious Packages and Users are infiltrating software around the globe. Examples of Account Takeover, Dependency Confusion, Hacktivism and Chain/Repo-Jacking are being used to infect your software.

Notifications You must be signed in to change notification settings

CxTyler/SupplyChainSecurity

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

14 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

SupplyChainSecurity

  • Malicious Packages and Users are infiltrating software around the globe. Examples of Account Takeover, Dependency Confusion, Hacktivism and Chain/Repo-Jacking are being used to infect your software. This repository highlights some of the key Supply Chain flaws that Checkmarx can help you uncover before it's too late.

Account Take Over (Good Packages Gone Bad)

Dependency Confusion

TypoSqutting

ChainJacking (Go / Swift)

Hacktisim/Protetsware

  • node-ipc_9.2.2
  • "Don't trust code from strangers" or more importantly, should you trust contributers who have a questioanble past? RIAEvangelist was responsible for a Hacktivism act against the Russian/Ukraine War introducing a "Peacenotwar" package in NPM - node-ipc_9.2.2. They also maintain 40+ other Open Source projects like event-pubsub (not malicious)
  • https://checkmarx.com/blog/protestware-politics-and-open-source-software/

About

Malicious Packages and Users are infiltrating software around the globe. Examples of Account Takeover, Dependency Confusion, Hacktivism and Chain/Repo-Jacking are being used to infect your software.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages