Security researcher finds it’s easy to confuse build systems with malicious versions of private software libraries

Bug hunter Alex Birsan last year managed to compromise the software supply chain of 35 companies by exploiting packaging mechanisms used by JavaScript, Python, and Ruby developers.…

…read more

Source:: TheRegister