A podcast for developers interested in building great software products. Every episode, Adam Wathan is joined by a guest to talk about everything from product design and user experience to unit testing and system administration.
…
continue reading
תוכן מסופק על ידי HackerNoon. כל תוכן הפודקאסטים כולל פרקים, גרפיקה ותיאורי פודקאסטים מועלים ומסופקים ישירות על ידי HackerNoon או שותף פלטפורמת הפודקאסט שלהם. אם אתה מאמין שמישהו משתמש ביצירה שלך המוגנת בזכויות יוצרים ללא רשותך, אתה יכול לעקוב אחר התהליך המתואר כאן https://he.player.fm/legal.
דומה לProgramming Tech Brief By HackerNoon
Hanselminutes is Fresh Air for Developers. A weekly commute-time podcast that promotes fresh technology and fresh voices. Talk and Tech for Developers, Life-long Learners, and Technologists.
…
continue reading
We already have many of the climate solutions we need. But scaling them is hard. The Green Blueprint is a show about the people who are architecting the clean economy. Every other week, host Lara Pierpoint profiles the founders, investors, and organizational leaders who are solving complex challenges in the quest to build climate technologies fast.
…
continue reading
A weekly talk show taking a pragmatic look at the art and business of Software Development and the world of technology.
…
continue reading
Talk Python to Me is a weekly podcast hosted by developer and entrepreneur Michael Kennedy. We dive deep into the popular packages and software developers, data scientists, and incredible hobbyists doing amazing things with Python. If you're new to Python, you'll quickly learn the ins and outs of the community by hearing from the leaders. And if you've been Pythoning for years, you'll learn about your favorite packages and the hot new ones coming out of open source.
…
continue reading
Thanks for visiting The Cell Phone Junkie! I will be taking the time each week to discuss my favorite topic, cell phones. Any feedback is appreciated and welcome. You can email me at: questions (AT) thecellphonejunkie (DOT) com or call: 206-203-3734 Thanks and welcome!
…
continue reading
Stay current on JavaScript, Node, and Front-End development. Learn from experts in programming, careers, and technology every week. Become a supporter of this podcast: https://www.spreaker.com/podcast/javascript-jabber--6102064/support.
…
continue reading
Developer Tea exists to help driven developers connect to their ultimate purpose and excel at their work so that they can positively impact the people they influence. With over 17 million downloads to date, Developer Tea is a short podcast hosted by Jonathan Cutrell, engineering leader with over 15 years of industry experience. We hope you'll take the topics from this podcast and continue the conversation, either online or in person with your peers. Email: [email protected]
…
continue reading
It takes more than great code to be a great engineer. Soft Skills Engineering is a weekly advice podcast for software developers about the non-technical stuff that goes into being a great software developer.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Player FM - אפליקציית פודקאסט
התחל במצב לא מקוון עם האפליקציה Player FM !
התחל במצב לא מקוון עם האפליקציה Player FM !
))
npm's New Token Limits Won't Stop the Attacks That Actually Happen
Manage episode 517706342 series 3474159
תוכן מסופק על ידי HackerNoon. כל תוכן הפודקאסטים כולל פרקים, גרפיקה ותיאורי פודקאסטים מועלים ומסופקים ישירות על ידי HackerNoon או שותף פלטפורמת הפודקאסט שלהם. אם אתה מאמין שמישהו משתמש ביצירה שלך המוגנת בזכויות יוצרים ללא רשותך, אתה יכול לעקוב אחר התהליך המתואר כאן https://he.player.fm/legal.
This story was originally published on HackerNoon at: https://hackernoon.com/npms-new-token-limits-wont-stop-the-attacks-that-actually-happen.
npm's October 2025 security overhaul introduces 90-day token limits and kills classic tokens. But the biggest supply chain attacks—from XZ Utils to the...
Check more stories related to programming at: https://hackernoon.com/c/programming. You can also check exclusive content about #npm, #npm-token-limit, #npm-token-attacks, #cybersecurity, #npm-package-security, #npm-token-security, #npm-security, #software-development, and more.
This story was written by: @encapsulation. Learn more about this writer by checking @encapsulation's about page, and for more stories, please visit hackernoon.com.
npm's new token lifetime limits (90-day max, 7-day default) and mandatory WebAuthn are good security hygiene, but they don't address how attacks actually happen. The September 2025 breach that compromised 18 packages with 2.6B weekly downloads succeeded via phishing—the attacker had full account access and could generate tokens at will. The XZ Utils backdoor involved three years of social engineering to gain maintainer trust. Token rotation doesn't stop account takeovers, malicious insiders, or the lack of code review. npm is treating the symptom (token exposure) rather than the disease (anyone can publish anything instantly).
417 פרקים
שתפו
Manage episode 517706342 series 3474159
תוכן מסופק על ידי HackerNoon. כל תוכן הפודקאסטים כולל פרקים, גרפיקה ותיאורי פודקאסטים מועלים ומסופקים ישירות על ידי HackerNoon או שותף פלטפורמת הפודקאסט שלהם. אם אתה מאמין שמישהו משתמש ביצירה שלך המוגנת בזכויות יוצרים ללא רשותך, אתה יכול לעקוב אחר התהליך המתואר כאן https://he.player.fm/legal.
This story was originally published on HackerNoon at: https://hackernoon.com/npms-new-token-limits-wont-stop-the-attacks-that-actually-happen.
npm's October 2025 security overhaul introduces 90-day token limits and kills classic tokens. But the biggest supply chain attacks—from XZ Utils to the...
Check more stories related to programming at: https://hackernoon.com/c/programming. You can also check exclusive content about #npm, #npm-token-limit, #npm-token-attacks, #cybersecurity, #npm-package-security, #npm-token-security, #npm-security, #software-development, and more.
This story was written by: @encapsulation. Learn more about this writer by checking @encapsulation's about page, and for more stories, please visit hackernoon.com.
npm's new token lifetime limits (90-day max, 7-day default) and mandatory WebAuthn are good security hygiene, but they don't address how attacks actually happen. The September 2025 breach that compromised 18 packages with 2.6B weekly downloads succeeded via phishing—the attacker had full account access and could generate tokens at will. The XZ Utils backdoor involved three years of social engineering to gain maintainer trust. Token rotation doesn't stop account takeovers, malicious insiders, or the lack of code review. npm is treating the symptom (token exposure) rather than the disease (anyone can publish anything instantly).
417 פרקים
כל הפרקים
×
ברוכים הבאים אל Player FM!
Player FM סורק את האינטרנט עבור פודקאסטים באיכות גבוהה בשבילכם כדי שתהנו מהם כרגע. זה יישום הפודקאסט הטוב ביותר והוא עובד על אנדרואיד, iPhone ואינטרנט. הירשמו לסנכרון מנויים במכשירים שונים.
דומה לProgramming Tech Brief By HackerNoon
A podcast for developers interested in building great software products. Every episode, Adam Wathan is joined by a guest to talk about everything from product design and user experience to unit testing and system administration.
…
continue reading
Hanselminutes is Fresh Air for Developers. A weekly commute-time podcast that promotes fresh technology and fresh voices. Talk and Tech for Developers, Life-long Learners, and Technologists.
…
continue reading
We already have many of the climate solutions we need. But scaling them is hard. The Green Blueprint is a show about the people who are architecting the clean economy. Every other week, host Lara Pierpoint profiles the founders, investors, and organizational leaders who are solving complex challenges in the quest to build climate technologies fast.
…
continue reading
A weekly talk show taking a pragmatic look at the art and business of Software Development and the world of technology.
…
continue reading
Talk Python to Me is a weekly podcast hosted by developer and entrepreneur Michael Kennedy. We dive deep into the popular packages and software developers, data scientists, and incredible hobbyists doing amazing things with Python. If you're new to Python, you'll quickly learn the ins and outs of the community by hearing from the leaders. And if you've been Pythoning for years, you'll learn about your favorite packages and the hot new ones coming out of open source.
…
continue reading
Thanks for visiting The Cell Phone Junkie! I will be taking the time each week to discuss my favorite topic, cell phones. Any feedback is appreciated and welcome. You can email me at: questions (AT) thecellphonejunkie (DOT) com or call: 206-203-3734 Thanks and welcome!
…
continue reading
Stay current on JavaScript, Node, and Front-End development. Learn from experts in programming, careers, and technology every week. Become a supporter of this podcast: https://www.spreaker.com/podcast/javascript-jabber--6102064/support.
…
continue reading
Developer Tea exists to help driven developers connect to their ultimate purpose and excel at their work so that they can positively impact the people they influence. With over 17 million downloads to date, Developer Tea is a short podcast hosted by Jonathan Cutrell, engineering leader with over 15 years of industry experience. We hope you'll take the topics from this podcast and continue the conversation, either online or in person with your peers. Email: [email protected]
…
continue reading
It takes more than great code to be a great engineer. Soft Skills Engineering is a weekly advice podcast for software developers about the non-technical stuff that goes into being a great software developer.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Player FM - אפליקציית פודקאסט
התחל במצב לא מקוון עם האפליקציה Player FM !
התחל במצב לא מקוון עם האפליקציה Player FM !
