Episode 2 of Verified or Not — testing Debuggix against known repositories. Last week: OWASP Juice...
Episode 2 of Verified or Not — testing Debuggix against known repositories.
Last week: OWASP Juice Shop — 0 issues.
This week: Snyk's nodejs-goof — the deliberately vulnerable app Snyk uses to demo their own scanner.
• 9 engines: Semgrep, Bandit, Gitleaks, TruffleHog, Trivy, ESLint, Hadolint, Checkov, OSV-Scanner
• 213 findings. 33 critical. 91 high.
Security Labs articles - GitLab Blog
Detecting Malicious Packages Using the OSV API | OpenSSF
⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and More
GitHub Worm Hits npm Packages With 16M Downloads
Shai-Hulud keeps burrowing: 314 npm packages infected after another account compromise
Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware
New IElevator2 COM interface? No problem
Snyk's agent-scan tool works by starting every MCP server it finds in your config and querying its...
After hitting a sitemap _redirects bug and a Bluesky image race condition, I added three targeted smoke checks that catch silent…
A few weeks back I inherited an old Node.js project and spent half a day grepping package.json trying...
CLI-Anything generates SKILL.md files that AI agents trust and execute. Snyk found 13.4% of agent skills contain critical…
Originally posted on getcommit.dev. In October 2021, ua-parser-js was used by Facebook, Microsoft,...
