Changelog Master Feed cover image

npm under siege (what to do about it) (Changelog & Friends #111)

Changelog Master Feed

00:00

GitHub Actions Misconfiguration Enabling Exploits

Feross walks through how workflow injection and using pull_request_target allowed attackers to obtain tokens and modify workflows.

Transcript
Play full episode

The AI-powered Podcast Player

Save insights by tapping your headphones, chat with episodes, discover the best highlights - and more!
App store bannerPlay store banner
Get the app