npm under siege (what to do about it) (Friends)

The Changelog: Software Development, Open Source

How GitHub Actions misconfiguration enabled takeover

Feross walks through the pull_request_target trigger, shell injection via PR title, and how attackers obtained tokens.
