SecurityWeek

NPM 12 Will Change Script Execution Behavior to Prevent Supply Chain Attacks

In response to recent software supply chain attacks, NPM version 12 is blocking the automatic script execution at install.
InfoWorld

GitHub finally pulls the plug on automatic install script execution for npm

The change, expected in July, will likely block one of the more common attack vectors; developers are wondering what took ...
InfoWorld

Protocol Buffers schemas expose remote code execution risk

Researchers at Cyera found six vulnerabilities in prtobuf.js, including a flaw that can turn attacker-controlled schema data ...