How did you guys detect it? Do you use it internally or do you monitor popular p... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		janice1999 16 days ago \| parent \| context \| favorite \| on: Postmortem: TanStack NPM supply-chain compromise How did you guys detect it? Do you use it internally or do you monitor popular packages?

varunsharma07 15 days ago [–]

We have built an AI Package Analyst https://app.stepsecurity.io/oss-security-feed and also monitor them using https://github.com/step-security/harden-runner for runtime behavior.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact