These are the stars and forks stats for the /CxTyler/SupplyChainSecurity repository. As of 26 Apr, 2024 this repository has 7 stars and 29 forks.
SupplyChainSecurity

Malicious packages and users are infiltrating software around the globe. Examples of Account Takeover, Dependency Confusion, Hacktivism and Chain/Repo-Jacking are being used to infect your software. This repository highlights some of the key supply chain flaws that Checkmarx can help you uncover before it's too late.

Account Take Over (Good Packages Gone Bad)
- ua-parser-js_0.7.29.zip (account takeover with malicious intent)
- ua-parser-js_0.7.28.zip (safe and respectable version)
- https://checkmarx.com/blog/uaparser-js-attack-preparations/

Dependency Confusion
- jb-rpd-splash 99.10.10
- https://checkmarx.com/blog/a-new-type-of-supply-chain-attack-could-put-popular-admin-tools-at-risk/

Typosquatting
- Moment (https://www.npmjs.com/package/moment) vs. Momnet (https://www.npmjs.com/package/momnet)
- https://checkmarx.com/blog/recently-discovered-supply-chain-worm/

ChainJacking (Go / Swift)
- https://checkmarx.com/blog/a-new-type-of-supply-chain-attack-could-put-popular-admin-tools-at-risk/

Hacktivism/Protestware
- node-ipc_9.2.2
- "Don't trust code from strangers" or, more importantly, should you trust contributors who have a questionable past? RIAEvangelist was responsible for a hacktivism act against the Russian/Ukraine War, introducing a "Peacenotwar" package in NPM - node-ipc_9.2.2. They also maintain 40+ other open source projects like event-pubsub (not malicious).
- https://checkmarx.com/blog/protestware-politics-and-open-source-software/
repo | languages | stars | stars (weekly change) | forks | forks (weekly change) |
---|---|---|---|---|---|
ddnexus/pagy | Ruby, TypeScript, HTML | 4.2k | 0 | 356 | 0 |
asciidoctor/asciidoctor.org | SCSS, XSLT, JavaScript | 309 | 0 | 822 | 0 |
cruz/iic2333-course | SlimCSCSS | 61 | 0 | 2 | 0 |
Spokenvote/spokenvote | CoffeeScript, Ruby, Slim | 42 | 0 | 45 | 0 |
seyhunak/twitter-bootstrap-rails | HTML, Ruby, Haml | 4.5k | 0 | 1k | 0 |
teamdigitale/innovazione.gov.it-site | JavaScript, Slim, Ruby | 9 | 0 | 6 | 0 |
solectrus/solectrus | Ruby, Slim, TypeScript | 71 | 0 | 7 | 0 |
bennettfeely/ztext | SCSS, HTML, Slim | 328 | 0 | 19 | 0 |
getlago/lago-api | Ruby, Slim | 199 | 0 | 41 | 0 |
SFDigitalServices/sf-dahlia-web | SCSS, CoffeeScript, TypeScript | 29 | 0 | 17 | 0 |