Source |
CSO |
Identifier |
6688223 |
Publication date |
2022-09-02 10:35:00 (viewed: 2022-09-02 18:05:45) |
Title |
OpenSSF releases npm best practices to help developers tackle open-source dependency risks |
Text |
The Open Source Security Foundation (OpenSSF) has released the npm Best Practices Guide to help JavaScript and TypeScript developers reduce the security risks associated with using open-source dependencies. The guide, a product of the OpenSSF Best Practices Working Group, focuses on dependency management and supply chain security for npm and covers various areas such as how to set up a secure CI configuration, how to avoid dependency confusion, and how to limit the consequences of a hijacked dependency. The release comes as developers increasingly share and use dependencies which, while contributing to faster development and innovation, can also introduce risks. |
Sent |
Yes |
Tags |
|
Stories |
|
Notes |
|
Move |
|