DiscoverOpen Source SecurityNPM supply chain attacks with Charlie Eriksen
NPM supply chain attacks with Charlie Eriksen

NPM supply chain attacks with Charlie Eriksen

Update: 2025-11-09
Share

Description

Josh chats with Charlie Eriksen, a security researcher at Aikido Security. We discuss the recent NPM supply chain attacks that affect hundreds of packages. Charlie shares his experiences dealing with recent security breaches, the challenges of maintaining trust in open source software, and the importance of proactive measures to safeguard open source. The rapid pace of change is impacting our security practices and what steps can be taken to foster resilience in the face of evolving threats.

The show notes and blog post for this episode can be found at
https://opensourcesecurity.io/2025/2025-11-npm-charlie/

Comments 
loading
In Channel
NPM supply chain attacks with Charlie Eriksen

NPM supply chain attacks with Charlie Eriksen

2025-11-0934:31

Detecting XZ in Debian with Otto Kekäläinen

Detecting XZ in Debian with Otto Kekäläinen

2025-11-0231:48

Eclipse Foundation SBOMs with Mikael Barbero

Eclipse Foundation SBOMs with Mikael Barbero

2025-10-2031:15

Actually finding vulnerabilities using AI with Joshua Rogers

Actually finding vulnerabilities using AI with Joshua Rogers

2025-10-1331:35

Sustaining Package Repositories with Brian Fox

Sustaining Package Repositories with Brian Fox

2025-10-0642:20

Arch Linux Security with Foxboron and Anthraxx

Arch Linux Security with Foxboron and Anthraxx

2025-09-2938:08

OpenSSL with Hana Andersen and Anton Arapov

OpenSSL with Hana Andersen and Anton Arapov

2025-09-2228:48

The Python Software Foundation with Deb Nicholson

The Python Software Foundation with Deb Nicholson

2025-09-1537:48

Using Mercator to map assets with Didier Barzin

Using Mercator to map assets with Didier Barzin

2025-09-0825:48

Talos Linux security with Andrey Smirnov

Talos Linux security with Andrey Smirnov

2025-09-0138:04

Discussing the Open Source, Open Threats? paper with Behzad and Ali

Discussing the Open Source, Open Threats? paper with Behzad and Ali

2025-08-2534:59

crates.io trusted publishing with Tobias Bieniek

crates.io trusted publishing with Tobias Bieniek

2025-08-1825:39

CVE update with Patrick Garrity

CVE update with Patrick Garrity

2025-08-1132:25

GCVE with Cédric Bonhomme and Alexandre Dulaunoy

GCVE with Cédric Bonhomme and Alexandre Dulaunoy

2025-08-0431:38

EU Regulations will change everything with Daniel Thompson

EU Regulations will change everything with Daniel Thompson

2025-07-2831:57

Open source microprocessors with Jan Pleskac

Open source microprocessors with Jan Pleskac

2025-07-2130:51

Package URLs with Philippe Ombredanne

Package URLs with Philippe Ombredanne

2025-06-2336:48

Hobbyist Maintainers with Thomas DePierre

Hobbyist Maintainers with Thomas DePierre

2025-06-1649:03

STIG automation with Aaron Lippold

STIG automation with Aaron Lippold

2025-06-0933:28

Ecosyste.ms with Andrew Nesbitt

Ecosyste.ms with Andrew Nesbitt

2025-06-0235:38

loading
Google Play
Download from Google Play
Castbox
Download from App Store
usUnited States
00:00
00:00
1.0x

0.5x

0.8x

1.0x

1.25x

1.5x

2.0x

3.0x

Sleep Timer

Off

End of Episode

5 Minutes

10 Minutes

15 Minutes

30 Minutes

45 Minutes

60 Minutes

120 Minutes

NPM supply chain attacks with Charlie Eriksen

NPM supply chain attacks with Charlie Eriksen