Socket
Socket helps developers use open source software and stay secure. Next-gen SCA and supply chain security.
May 19 4 tweets 2 min read
🚨 BREAKING: Socket is investigating an active npm supply chain attack compromising hundreds of packages in the @antv ecosystem.

The malicious publish wave appears tied to Mini Shai-Hulud and packages connected to the npm maintainer account atool.

This is a developing story. We’ve embedded the affected package list from Socket’s campaign page and will keep updating as more versions and payload details are confirmed.

socket.dev/blog/antv-pack…
Mar 30, 2023 7 tweets 3 min read
📢 Move over Kardashians 📸, John Wick 🕶️🔫 is the new media obsession!

🌊 The npm registry is drowning in a tsunami of spam, and it's all thanks to everyone's favorite gun-toting antihero.

Yesterday, we counted 4,600 npm packages about John Wick. Today, it's almost 5,600! 🤯💥 🚀 That's right, folks – a mind-blowing 0.02% of npm is now dedicated to Mr. Wick.

🍲 We've already cooked up some ways to handle these pesky packages and made some interesting discoveries! 🕵️‍♀️🔍

Follow @SocketSecurity and read on to get the full story: socket.dev/blog/npm-regis…
Dec 8, 2022 13 tweets 2 min read
Socket is proud to announce that we’ve received a clean SOC 2 Type 1 attestation report.

Read this thread to learn:

⭐️ How does Socket put security first?
⭐️ What is a SOC 2 audit?
⭐️ Why does SOC 2 compliance matter?

🧵 See thread ⬇️⬇️⬇️

socket.dev/blog/announcin…

⭐️ How does Socket put security first?

Security is not just a feature. It’s our mission.

Every design decision in Socket begins with the safety and privacy of your data in mind. We can't read your source code, and no one else can either.