Lesson from Core-JS: Beware hidden dependencies from indebted Russian devs - ReversingLabs

This is not a drill: Denis Pushkarev has big debts — and his code is EVERYWHERE.
The Code-JS project is absolutely huge. Perhaps your project has a dependency on it? The likelihood is you’d never know.

The #SoftwareSupplyChain #security alarm should be at DEFCON 2 by now.

In this week’s #SSBlogwatch we sum up the situation at fast pace.

For @ReversingLabs’ @SecuredSoftware: https://t.co/LkVjR4i6Bg

— @Richi 🤓 Jennings (@RiCHi) February 22, 2023