
"The libraries, which are built from source on SLSA L2 (Supply-chain Levels for Software Artifacts) infrastructure, were introduced on September 25. By securely building each library and its dependencies from source, Chainguard Libraries for JavaScript offers security and engineering teams confidence that malware has not been inserted during the build or distribution of libraries in the JavaScript ecosystem, according to Chainguard. This eliminates a significant gap in the threat landscape, Chainguard added."
"The company said it was offering protection for one of the most critical and vulnerable parts of the software supply chain: the language dependencies developers rely on to build and deploy applications. Chainguard said the risk in the JavaScript ecosystem is not theoretical; in September, packages used by millions of developers were compromised by malicious code. These malware attacks against JavaScript registries like NPM, which developers download billions of times per week,"
Chainguard unveiled Chainguard Libraries for JavaScript, a collection of trusted builds of thousands of malware-resistant JavaScript dependencies built from source on SLSA L2 infrastructure. Each library and its dependencies are securely built from source to provide security and engineering teams confidence that malware was not inserted during build or distribution. The offering addresses a major gap in software supply-chain threats by protecting language dependencies developers rely on to build and deploy applications. Recent compromises of widely used packages demonstrate real-world risk in the JavaScript ecosystem. The surge in AI-driven JavaScript development increases opportunities for attackers.
Read at InfoWorld