$4.6M Series Seed to defend open source from supply chain attacks(socket.dev)
socket.dev
$4.6M Series Seed to defend open source from supply chain attacks
https://socket.dev/blog/series-seed
3 comments
Yes, we intend to broaden the language support as soon as we can! This funding will definitely help get us there.
I'm not too worried about the npm condition. My reading of it is that it's intended to prohibit using security data generated by npm itself. When talking about "data about the security of Packages" they give the examples of "vulnerability reports, audit status reports, and supplementary security documentation". We don't use any of that stuff.
I'm not too worried about the npm condition. My reading of it is that it's intended to prohibit using security data generated by npm itself. When talking about "data about the security of Packages" they give the examples of "vulnerability reports, audit status reports, and supplementary security documentation". We don't use any of that stuff.
Hi HN! Founder of Socket here :)
Socket is built by a team of open source maintainers (everyone on the team is a maintainer!). We're motivated to defend the open source ecosystem from supply chain attacks.
We'll be watching this post, so feel free to ask us questions!
Socket is built by a team of open source maintainers (everyone on the team is a maintainer!). We're motivated to defend the open source ecosystem from supply chain attacks.
We'll be watching this post, so feel free to ask us questions!
Were you able to resolve the potential issue with npm's fourth open source condition[1]? The addition of this condition seems to align with their acquisition of ^Lift Security[2] based off of archive.org snapshots of before[3] and after[4]. Shifting away from npm exclusively seems like a reasonable way to hedge against this.
[1] https://docs.npmjs.com/policies/open-source-terms#conditions
[2] https://blog.npmjs.org/post/172793182214/npm-acquires-lift-s...
[3] https://web.archive.org/web/20170926030855/https://docs.npmj...
[4] https://web.archive.org/web/20190207170526/https://www.npmjs...