What is Software Supply Chain Integrity?
Software supply chain integrity is becoming essential as teams rely more on OSS. This guide breaks down the core pillars, risks, and best practices to secure your dependencies…
Cloudsmith Blog
Supply chain security
Extend EPM policies to Hugging Face artifacts
By now it’s clear the use of GenAI tooling like Cursor and Claude has fundamentally changed how code is written. This shift, which we explored in depth in our previous post, moves the security perimet…
Shai-Hulud: The Second Coming - What You Need to Know and Do Now
At approximately 0300 on the 24th of November 2025, a new wave of compromised open source packages began circulating in the npm ecosystem. This iteration (dubbed “Shai-Hulud: The Second Coming” by the attackers) is designed to leak developer secrets, including GitHub tokens, CI/CD credentials, and cloud credentials. Here is what we know, how we responded, and what you need to do…
Keep up to date with our monthly newsletter
By submitting this form, you agree to our privacy policy
