Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
The Hacker News

144 Mastra npm Packages Compromised via Hijacked Contributor Account

Mastra npm packages added easy-day-js malware, exposing developer systems and CI runners to infostealer risks.
The Hacker News

Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel ...
GitHub

Alliedium/awesome-software-engineering

A curated list of awesome software engineering resources. - Alliedium/awesome-software-engineering ...
GitHub

seanippolito/self-hosting-guide

Hugo Lyra is a typescript module for creating LyraSearch indexes for static Hugo sites, it comes with server and client libraries. Typesense is a fast, typo-tolerant search engine for building ...