GitHub

gomodjail: jail for Go modules

gomodjail imposes syscall restrictions on a specific set of Go modules, so as to mitigate their potential vulnerabilities and supply chain attack vectors. In other words, gomodjail is a "container" ...
SecurityWeek

‘PackageGate’ Flaws Open JavaScript Ecosystem to Supply Chain Attacks

Vulnerabilities in the NPM, PNPM, VLT, and Bun package managers could lead to protection bypasses and arbitrary code ...