all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

npm Manifest Confusion – What Is It and Do You Really Need to Worry About It?

Add to bookmarks
June 28, 2023, 3:38 p.m. | Ax Sharma

Sonatype Blog blog.sonatype.com




Yesterday, Darcy Clarke, a software developer and a former npm CLI team Engineering Manager, steered everyone’s attention towards a gap in the npm registry website – what he calls “manifest confusion.”

attention cli dependencies developer devzone engineering featured gap manager manifest npm open source registry software software developer team website what is

Visit resource

More from blog.sonatype.com / Sonatype Blog

Sonatype Lifecycle best practices: Getting started and managing SBOMs 6 days, 1 hour ago | blog.sonatype.com
applications best practices critical dependencies +13
DevOps pioneers navigate organizational transformation 1 week, 5 days ago | blog.sonatype.com
depth devops devops transformation download +13
Devs flood npm with 15,000 packages to reward themselves with Tea 'tokens' 2 weeks, 1 day ago | blog.sonatype.com
cases dependency dependency confusion flood +19
The essential duo of SCA and SBOM management 2 weeks, 5 days ago | blog.sonatype.com
application application security attacks duo +16
Automating and maintaining SBOMs 3 weeks, 5 days ago | blog.sonatype.com
artifact automation bill components +11
CVE-2024-3094 The targeted backdoor supply chain attack against XZ and libzma 1 month ago | blog.sonatype.com
attack attacks backdoor bank +26
CVE-2024-3094 The targeted backdoor supply chain attack against XZ and liblzma 1 month ago | blog.sonatype.com
attack attacks backdoor bank +26
SBOM, VDR, and Maven: Transforming the Apache Logging experience to a common pattern 1 month ago | blog.sonatype.com
apache cyclonedx devzone experience +14
Cyber readiness and SBOMs 1 month ago | blog.sonatype.com
academic academic research advanced bills +22

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

EY- GDS- Cybersecurity- Staff

@ EY | Miguel Hidalgo, MX, 11520
View on infosec-jobs.com

Staff Security Operations Engineer

@ Workiva | Ames
View on infosec-jobs.com

Public Relations Senior Account Executive (B2B Tech/Cybersecurity/Enterprise)

@ Highwire Public Relations | Los Angeles, CA
View on infosec-jobs.com

Airbus Canada - Responsable Cyber sécurité produit / Product Cyber Security Responsible

@ Airbus | Mirabel
View on infosec-jobs.com

Investigations (OSINT) Manager

@ Logically | India
View on infosec-jobs.com

Security Engineer I, Offensive Security Penetration Testing

@ Amazon.com | US, NY, Virtual Location - New York
View on infosec-jobs.com
View more jobs