Chainguard, the trusted foundation for software development and deployment, today announced Chainguard Libraries for JavaScript, a collection of trusted builds of thousands of common JavaScript ...
The crates, named faster_log and async_println, were published by the threat actor under the aliases rustguruman and dumbnbased ...
Dozens of npm libraries, including a color library with over 2 million downloads a week, have been replaced with novel ...
An open source software supply-chain vulnerability is an exploitable weakness in trusted software caused by a third-party, ...
The XZ attack is a backdoor that reminds us our biggest open-source security threats are from decades of unlearned lessons.
Newly discovered npm package 'fezbox' employs QR codes to hide a second-stage payload to steal cookies from a user's web browser. The package, masquerading as a utility library, leverages this ...
Will the OSI continue with its current AI definition path? This issue continues to be debated in both AI and open-source circles.
To empower this vision, China Unicom has launched the Yuanjing Model-as-a-Service (MaaS) platform, offering a model library, ...
The widely used image-parsing library suffers from a flaw that can allow remote code execution via crafted images in Android ...
In the rapidly evolving frontend technology ecosystem of 2025, enterprise application development has shifted from "function implementation" to a comprehensive competition focusing on "experience ...
Chainguard Libraries for JavaScript include builds that are malware-resistant and built from source on SLSA L2 infrastructure ...