Cybersecurity researchers have discovered a malicious npm package named "@acitons/artifact" that typosquats the legitimate " ...
The typosquatted “@acitons/artifact” package targeted GitHub’s CI/CD workflows, stealing tokens and publishing malicious ...
GitHub has introduced the GitHub Package Registry, a package management service integrated into GitHub that allows developers to publish private or public packages next to their source code. GitHub ...
Security researchers have uncovered two new malicious packages on the npm open source package manager that utilized GitHub to store stolen Base64-encoded SSH keys taken from developer systems. These ...
GitHub is expanding the scope of its code repository to include support for publishing software packages, the company announced Friday afternoon. After teasing an announcement all week on Twitter, ...
The GlassWorm malware has reared its ugly head again in the Open VSX registry, roughly two weeks after being removed.
Facepalm: GitHub serves as a colossal hub for software development, hosting nearly half a billion code projects created by hundreds of millions of developers worldwide. Given its extensive reach and ...
A cautionary tale of how a developer tool limit case could derail cybersecurity protections if not for quick thinking, public outreach, longtime relationships, and a vendor willing to listen and ...
A new malicious package has been found on the Python Package Index (PyPI) repository that could hide code in images with a steganographic technique and infect users through open-source projects on ...
With GitHub Actions, you can build a container app, deploy a web service, publish packages to registries, or automate welcoming new programmers to your open source projects. Or chain them all together ...