https://dendritictech.com/topics/npm/ Recent content in npm on Dendritic Tech Hugo -- gohugo.io © 2020. All rights reserved. Sat, 11 Jan 2020 14:38:09 -0800 https://dendritictech.com/post/npm-maintainers-security-review/ Sat, 11 Jan 2020 14:38:09 -0800 https://dendritictech.com/post/npm-maintainers-security-review/ After brief investigation of the top 1,000 downloaded NPM Packages, we found that a number of the package maintainers accounts have insufficient protection against basic account takeover methods. This could affect a number of downstream projects, some of which help host basic and foundational infrastructure in modern, digital society. In the tech world, we stand upon the shoulders of giants. If those giants have weak security authenticating their identities, they may crumble.