September 23, 2022
ReversingLabs has discovered a malicious npm package disguised as the software tool Material Tailwind. Here's an in-depth look at our discovery — and threat analysis. (Updated with Mach-O executable information.)
September 14, 2022
OpenSSF's npm best practices: A solid first step for supply chain security — but trust issues remain
Here's what you need to know about the new OpenSSF npm security best practices.