A podcast for developers interested in building great software products. Every episode, Adam Wathan is joined by a guest to talk about everything from product design and user experience to unit testing and system administration.
…
continue reading
محتوای ارائه شده توسط HackerNoon. تمام محتوای پادکست شامل قسمتها، گرافیکها و توضیحات پادکست مستقیماً توسط HackerNoon یا شریک پلتفرم پادکست آنها آپلود و ارائه میشوند. اگر فکر میکنید شخصی بدون اجازه شما از اثر دارای حق نسخهبرداری شما استفاده میکند، میتوانید روندی که در اینجا شرح داده شده است را دنبال کنید.https://fa.player.fm/legal
مشابه Programming Tech Brief By HackerNoon
Hanselminutes is Fresh Air for Developers. A weekly commute-time podcast that promotes fresh technology and fresh voices. Talk and Tech for Developers, Life-long Learners, and Technologists.
…
continue reading
We already have many of the climate solutions we need. But scaling them is hard. The Green Blueprint is a show about the people who are architecting the clean economy. Every other week, host Lara Pierpoint profiles the founders, investors, and organizational leaders who are solving complex challenges in the quest to build climate technologies fast.
…
continue reading
A weekly talk show taking a pragmatic look at the art and business of Software Development and the world of technology.
…
continue reading
Talk Python to Me is a weekly podcast hosted by developer and entrepreneur Michael Kennedy. We dive deep into the popular packages and software developers, data scientists, and incredible hobbyists doing amazing things with Python. If you're new to Python, you'll quickly learn the ins and outs of the community by hearing from the leaders. And if you've been Pythoning for years, you'll learn about your favorite packages and the hot new ones coming out of open source.
…
continue reading
Thanks for visiting The Cell Phone Junkie! I will be taking the time each week to discuss my favorite topic, cell phones. Any feedback is appreciated and welcome. You can email me at: questions (AT) thecellphonejunkie (DOT) com or call: 206-203-3734 Thanks and welcome!
…
continue reading
Stay current on JavaScript, Node, and Front-End development. Learn from experts in programming, careers, and technology every week. Become a supporter of this podcast: https://www.spreaker.com/podcast/javascript-jabber--6102064/support.
…
continue reading
Developer Tea exists to help driven developers connect to their ultimate purpose and excel at their work so that they can positively impact the people they influence. With over 17 million downloads to date, Developer Tea is a short podcast hosted by Jonathan Cutrell, engineering leader with over 15 years of industry experience. We hope you'll take the topics from this podcast and continue the conversation, either online or in person with your peers. Email: [email protected]
…
continue reading
It takes more than great code to be a great engineer. Soft Skills Engineering is a weekly advice podcast for software developers about the non-technical stuff that goes into being a great software developer.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Player FM - برنامه پادکست
با برنامه Player FM !
با برنامه Player FM !
))
npm's New Token Limits Won't Stop the Attacks That Actually Happen
Manage episode 517706342 series 3474159
محتوای ارائه شده توسط HackerNoon. تمام محتوای پادکست شامل قسمتها، گرافیکها و توضیحات پادکست مستقیماً توسط HackerNoon یا شریک پلتفرم پادکست آنها آپلود و ارائه میشوند. اگر فکر میکنید شخصی بدون اجازه شما از اثر دارای حق نسخهبرداری شما استفاده میکند، میتوانید روندی که در اینجا شرح داده شده است را دنبال کنید.https://fa.player.fm/legal
This story was originally published on HackerNoon at: https://hackernoon.com/npms-new-token-limits-wont-stop-the-attacks-that-actually-happen.
npm's October 2025 security overhaul introduces 90-day token limits and kills classic tokens. But the biggest supply chain attacks—from XZ Utils to the...
Check more stories related to programming at: https://hackernoon.com/c/programming. You can also check exclusive content about #npm, #npm-token-limit, #npm-token-attacks, #cybersecurity, #npm-package-security, #npm-token-security, #npm-security, #software-development, and more.
This story was written by: @encapsulation. Learn more about this writer by checking @encapsulation's about page, and for more stories, please visit hackernoon.com.
npm's new token lifetime limits (90-day max, 7-day default) and mandatory WebAuthn are good security hygiene, but they don't address how attacks actually happen. The September 2025 breach that compromised 18 packages with 2.6B weekly downloads succeeded via phishing—the attacker had full account access and could generate tokens at will. The XZ Utils backdoor involved three years of social engineering to gain maintainer trust. Token rotation doesn't stop account takeovers, malicious insiders, or the lack of code review. npm is treating the symptom (token exposure) rather than the disease (anyone can publish anything instantly).
419 قسمت
اشتراک گذاری
Manage episode 517706342 series 3474159
محتوای ارائه شده توسط HackerNoon. تمام محتوای پادکست شامل قسمتها، گرافیکها و توضیحات پادکست مستقیماً توسط HackerNoon یا شریک پلتفرم پادکست آنها آپلود و ارائه میشوند. اگر فکر میکنید شخصی بدون اجازه شما از اثر دارای حق نسخهبرداری شما استفاده میکند، میتوانید روندی که در اینجا شرح داده شده است را دنبال کنید.https://fa.player.fm/legal
This story was originally published on HackerNoon at: https://hackernoon.com/npms-new-token-limits-wont-stop-the-attacks-that-actually-happen.
npm's October 2025 security overhaul introduces 90-day token limits and kills classic tokens. But the biggest supply chain attacks—from XZ Utils to the...
Check more stories related to programming at: https://hackernoon.com/c/programming. You can also check exclusive content about #npm, #npm-token-limit, #npm-token-attacks, #cybersecurity, #npm-package-security, #npm-token-security, #npm-security, #software-development, and more.
This story was written by: @encapsulation. Learn more about this writer by checking @encapsulation's about page, and for more stories, please visit hackernoon.com.
npm's new token lifetime limits (90-day max, 7-day default) and mandatory WebAuthn are good security hygiene, but they don't address how attacks actually happen. The September 2025 breach that compromised 18 packages with 2.6B weekly downloads succeeded via phishing—the attacker had full account access and could generate tokens at will. The XZ Utils backdoor involved three years of social engineering to gain maintainer trust. Token rotation doesn't stop account takeovers, malicious insiders, or the lack of code review. npm is treating the symptom (token exposure) rather than the disease (anyone can publish anything instantly).
419 قسمت
كل الحلقات
×
به Player FM خوش آمدید!
Player FM در سراسر وب را برای یافتن پادکست های با کیفیت اسکن می کند تا همین الان لذت ببرید. این بهترین برنامه ی پادکست است که در اندروید، آیفون و وب کار می کند. ثبت نام کنید تا اشتراک های شما در بین دستگاه های مختلف همگام سازی شود.
مشابه Programming Tech Brief By HackerNoon
A podcast for developers interested in building great software products. Every episode, Adam Wathan is joined by a guest to talk about everything from product design and user experience to unit testing and system administration.
…
continue reading
Hanselminutes is Fresh Air for Developers. A weekly commute-time podcast that promotes fresh technology and fresh voices. Talk and Tech for Developers, Life-long Learners, and Technologists.
…
continue reading
We already have many of the climate solutions we need. But scaling them is hard. The Green Blueprint is a show about the people who are architecting the clean economy. Every other week, host Lara Pierpoint profiles the founders, investors, and organizational leaders who are solving complex challenges in the quest to build climate technologies fast.
…
continue reading
A weekly talk show taking a pragmatic look at the art and business of Software Development and the world of technology.
…
continue reading
Talk Python to Me is a weekly podcast hosted by developer and entrepreneur Michael Kennedy. We dive deep into the popular packages and software developers, data scientists, and incredible hobbyists doing amazing things with Python. If you're new to Python, you'll quickly learn the ins and outs of the community by hearing from the leaders. And if you've been Pythoning for years, you'll learn about your favorite packages and the hot new ones coming out of open source.
…
continue reading
Thanks for visiting The Cell Phone Junkie! I will be taking the time each week to discuss my favorite topic, cell phones. Any feedback is appreciated and welcome. You can email me at: questions (AT) thecellphonejunkie (DOT) com or call: 206-203-3734 Thanks and welcome!
…
continue reading
Stay current on JavaScript, Node, and Front-End development. Learn from experts in programming, careers, and technology every week. Become a supporter of this podcast: https://www.spreaker.com/podcast/javascript-jabber--6102064/support.
…
continue reading
Developer Tea exists to help driven developers connect to their ultimate purpose and excel at their work so that they can positively impact the people they influence. With over 17 million downloads to date, Developer Tea is a short podcast hosted by Jonathan Cutrell, engineering leader with over 15 years of industry experience. We hope you'll take the topics from this podcast and continue the conversation, either online or in person with your peers. Email: [email protected]
…
continue reading
It takes more than great code to be a great engineer. Soft Skills Engineering is a weekly advice podcast for software developers about the non-technical stuff that goes into being a great software developer.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Player FM - برنامه پادکست
با برنامه Player FM !
با برنامه Player FM !
