CodeZineは、株式会社翔泳社が運営するソフトウェア開発者向けのWebメディアです。「デベロッパーの成長と課題解決に貢献するメディア」をコンセプトに、現場で役立つ最新情報を日々お届けします。

A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...

GlassWorm poisoned 300 GitHub repositories since 2025, enabling supply chain attacks against developers and organizations.

Microsoft has identified an active supply chain attack targeting the npm package ecosystem. On May 28, 2026, a single threat actor operating under the newly created maintainer alias vpmdhaj (a39155771 ...

TrapDoor spread 34 malicious packages across npm, PyPI, and Crates.io, stealing developer credentials and enabling persistence.

Sometime around the last week of May 2026, attackers uploaded poisoned packages to three of the most widely used software ...

A recent Stack Overflow survey found that more than 84% of developers are already using or planning to use AI tools in their workflow. After trying OpenAI Codex for myself, I understand why. Like many ...

A desktop app that lets users stream any movie, TV series, or anime for free and without ads hit the top of GitHub’s global ...

Hubtel review: features, transaction fees, real use cases for Ghanaian businesses and individuals. Compare rates, setup costs.

株式会社エーアイセキュリティラボは5月11日、脆弱性診断の自動化ツール「AeyeScan」に手動巡回機能で任意のJavaScriptを実行できる新機能を追加したと発表した。 「AeyeScan」は、AIとRPA（Robotic Process ...

GitHubは2026年5月22日、npmのサプライチェーンセキュリティを強化する更新として、Staged publishingの一般提供開始と、新しいインストール元制御フラグを発表した。いずれもnpm CLI 11. 15. 0以降で利用できる。 Staged publishingは、パッケージのバージョンを直接レジストリへ公開するのではなく、事前にステージング領域へ送信し、メンテナーが明示的に ...

Automatic cleaners only know about a fixed set of cache folders, and the decisions they make are limited to what they were preprogrammed for. ApexDisk finds and surfaces everything else they skip: ...