GitHub announces an improved 2FA experience for npm accounts

Today, GitHub launched a new public beta to dramatically improve the two-factor authentication (2FA) experience for all npm user accounts. Myles Borins, open source product manager at GitHub, said that the code hosting platform now allows npm accounts to register “factors of multiple …

SheetJS drops npm registry over 2FA requirement and “legal issues”

In a surprising move, the popular open source project SheetJS, also known as “xlsx”, dropped support for the npm registry. Downloaded around 1.4 million times per week on npm, SheetJS is trusted by NodeJS developers to create and analyze Excel spreadsheets using only JavaScript. The project maintainer suggests that the decision to deregister npm is …

Open source ‘Package Analysis’ tool finds malicious npm, PyPI packages

The Open Source Security Foundation (OpenSSF), an initiative supported by the Linux Foundation, has released its first prototype version of the ‘Package Analysis’ tool that aims to detect and counter malicious attacks on open source registries. In a pilot run that lasted less than a month, the open source project released on GitHub was …

NPM flaw allows attackers to add anyone as a maintainer of malicious packages

A “logic flaw” in the npm registry allowed the authors of malicious packages to silently add anyone and any number of users as “maintainers” of their packages in an attempt to increase trust in their packages. The GitHub-owned repository of NodeJS components has now fixed the flaw after cloud-native security company Aqua responsibly reported …