Imagine firing up a new npm package, only to have it quietly phoning home with your AWS keys. Warden v2.0 stops that nightmare dead — a free CLI built by a dev fed up with supply chain roulette.
Imagine your build server phoning home to hackers. Axios, with 100M+ weekly downloads, just lived that horror for two hours.
Another day, another supply chain scare rippling through open source. GitHub's touting fixes for Actions workflows and npm malware, but who's really winning here?
The maintainer of ESLint just laid bare what developers won't say publicly: npm—the backbone of JavaScript—is held together with duct tape and good intentions. And GitHub's recent security push? Not nearly enough.