-
Harden npm Against the 2026 Supply Chain Wave: A Playbook
June 20, 2026Shai-Hulud, the TanStack OIDC hijack, mini Shai-Hulud — a layered, copy-paste playbook to lock down your npm dependency pipeline before you get hit.
NomadLab · 10 min read ·npm-securitysoftware-supply-chain-security+4 -
Socket vs Snyk vs Aikido vs Endor Labs vs Semgrep (2026)
May 12, 2026After the Axios npm RAT, which supply chain security tool would have caught it? A vendor-neutral comparison of malware-aware scanners vs CVE-based SCA.
NomadLab · 13 min read ·software-supply-chain-securitysca-tools+6