Upwind links compromise of multiple AsyncAPI npm packages to coordinated attack on software release process
Developers often assume that packages published through official channels have passed through a secure release process. That assumption is fundamental to modern software development, where open source components are routinely integrated into applications through automated dependency management. A new investigation suggests that confidence can be challenged when attackers gain access to the systems responsible for publishing software. […]
This story continues at The Next Web
Read more »