This blog post describes how OwnersBox quickly mitigated the threat of the “Shai-Hulud” npm supply chain attack in September 2025. The attack involved malicious packages that stole credentials and aggressively self-propagated.
Hey SBOM enthusiasts 👋 An SBOM isn’t just a list of components anymore — it has detailed information of your software, which contains hundreds of components. And that’s what gives you the transparency of each and every component: such as, who authored it, who supplies it, under what license it’s released, and even what known vulnerabilities it carries. In other words, it’s not just an inventory — it’s visibility into the very DNA of your software. ...