Supply Chain
Browse all articles, tutorials, and guides about Supply Chain
2 posts
DevOps
2026-05-12|11 min read
TanStack npm Worm: The Supply-Chain Attack With a Dead-Man's Switch
On May 11, 2026, attackers republished 14+ official TanStack packages on npm with a worm that signs itself with valid SLSA provenance and arms a dead-man's switch that wipes your home directory the moment you revoke the stolen GitHub token. Here is what happened, how the payload works, and how to check your machine.
Security
2025-01-24|11 min read
Software Supply Chain Security: SBOMs, Sigstore, and SLSA in Practice
Protect your software supply chain with practical steps for SBOM generation, artifact signing with Cosign, and SLSA provenance. Includes complete CI/CD pipeline examples for GitHub Actions and GitLab CI.