- https://snyk.io/blog/typosquatting-attacks/
- https://www.securityweek.com/react-native-aria-packages-backdoored-in-supply-chain-attack/
- https://www.ivanti.com/blog/software-supply-chain-attack-risk
- https://www.securityweek.com/popular-scraping-tools-npm-package-compromised-in-supply-chain-attack/
- https://www.cisa.gov/sites/default/files/2024-10/SBOM%20Framing%20Software%20Component%20Transparency%202024.pdf
- https://www.cisa.gov/topics/cyber-threats-and-advisories/sbom/sbomresourceslibrary
- https://anchore.com/blog/sbom-and-policy-as-code-a-developers-guide/
- https://asimily.com/blog/what-are-sboms-and-why-you-should-care/
- https://github.com/CycloneDX/cyclonedx-cli
- https://www.nist.gov/itl/executive-order-14028-improving-nations-cybersecurity/software-security-supply-chains-software-1
- https://www.federalregister.gov/documents/2021/05/17/2021-10460/improving-the-nations-cybersecurity
- https://github.com/microsoft/sbom-tool
- https://github.com/anchore/grype
- https://github.com/snyk/cli?tab=readme-ov-file
- https://blog.se.com/digital-transformation/cybersecurity/2025/02/06/what-are-sboms-software-bill-of-materials/
Created November 21, 2025 19:00
Possessed by Packages: Is Your JavaScript Haunted?