GigaTap articles tagged npm security.
- Node-gyp Supply Chain Worm: Install-Time Execution Risk - A npm supply chain worm abuses node-gyp install-time builds via binding.gyp, bypassing lifecycle-script monitoring and exposing CI and cloud credentials.
- TeamPCP supply chain shifts into reusable worm tradecraft - The TeamPCP campaign evolves from targeted intrusion into reusable supply-chain worming across npm and CI/CD pipelines, challenging provenance and attribut