DEV Community

# supplychain

Posts

đź‘‹ Sign in for the ability to sort posts by relevant, latest, or top.
Twelve Trust Boundaries: A Field Guide to Supply-Chain Defense After axios@1.14.1
ahmadkanj profile

Twelve Trust Boundaries: A Field Guide to Supply-Chain Defense After axios@1.14.1

#security #devsecops #githubactions #supplychain
Comments
28 min read
Twelve Trust Boundaries: A Field Guide to Supply-Chain Defense After axios@1.14.1
ahmadkanj profile

Twelve Trust Boundaries: A Field Guide to Supply-Chain Defense After axios@1.14.1

#security #devsecops #githubactions #supplychain
Comments
28 min read
Add Real Business Trust Signals to Claude Desktop in 60 Seconds
piiiico profile
Pico

Add Real Business Trust Signals to Claude Desktop in 60 Seconds

#npm #security #javascript #supplychain
Comments
2 min read
Add Trust Scoring to Your CI Pipeline in 5 Minutes
piiiico profile
Pico

Add Trust Scoring to Your CI Pipeline in 5 Minutes

#npm #security #javascript #supplychain
Comments
3 min read
AGENTS.md moved AI performance up a model tier. Package trust needs the same.
piiiico profile
Pico

AGENTS.md moved AI performance up a model tier. Package trust needs the same.

#npm #security #javascript #supplychain
Comments
2 min read
Twelve Trust Boundaries: A Field Guide to Supply-Chain Defense After axios@1.14.1
ahmadkanj profile

Twelve Trust Boundaries: A Field Guide to Supply-Chain Defense After axios@1.14.1

#security #devsecops #axios #supplychain
1
Comments
29 min read
How to Choose a PCB Manufacturer – A Practical Guide for Hardware Engineers
maggie-pcb profile

How to Choose a PCB Manufacturer – A Practical Guide for Hardware Engineers

#pcbmanufacturing #hardwareengineering #supplychain #smallbatch
Comments
4 min read
MCPwn Is Live. We Scanned the Supply Chains of 14 MCP Servers. Here's What We Found.
piiiico profile
Pico

MCPwn Is Live. We Scanned the Supply Chains of 14 MCP Servers. Here's What We Found.

#security #mcp #supplychain #javascript
Comments
5 min read
One Year of Liberation Day: What the Tariff Rollout Actually Revealed About AI Infrastructure
david_aronchick_ea415de50 profile

One Year of Liberation Day: What the Tariff Rollout Actually Revealed About AI Infrastructure

#ai #infrastructure #supplychain #distributedcomputing
Comments
8 min read
161 verified AI package hallucinations across 8.5M indexed — open dataset
depscope profile

161 verified AI package hallucinations across 8.5M indexed — open dataset

#ai #security #supplychain #mcp
Comments
4 min read
Proof-of-Commitment Internals: How the Scoring Algorithm Works
piiiico profile
Pico

Proof-of-Commitment Internals: How the Scoring Algorithm Works

#npm #security #javascript #supplychain
1
Comments
6 min read
Four MCP packages, four ways the supply chain shifted in two weeks of npm monitoring
michael_onyekwere profile

Four MCP packages, four ways the supply chain shifted in two weeks of npm monitoring

#security #supplychain #mcp #npm
Comments
7 min read
Slopsquatting in Python: What 205,474 Hallucinated Package Names Mean for Your Supply Chain
duriantaco profile

Slopsquatting in Python: What 205,474 Hallucinated Package Names Mean for Your Supply Chain

#python #security #ai #supplychain
Comments
8 min read
I built chainscope: reading supply chain attacks across 6 surfaces, one slide at a time
kanywst profile
kt

I built chainscope: reading supply chain attacks across 6 surfaces, one slide at a time

#showdev #security #supplychain
Comments
7 min read
SLSA Provenance Hands-on: Generate with GitHub Actions, Verify with slsa-verifier
kanywst profile
kt

SLSA Provenance Hands-on: Generate with GitHub Actions, Verify with slsa-verifier

#security #supplychain #slsa #sigstore
Comments
11 min read
đź‘‹ Sign in for the ability to sort posts by relevant, latest, or top.