VentureBeat

Valid certificates, stolen accounts: how attackers broke npm's last trust signal

On May 19, 633 malicious npm package versions passed Sigstore provenance verification. They were cleared by the system because the attacker had generated valid signing certificates from a compromised ...
GitHub

Light, fluffy, and always free

Floci is a free, open-source local AWS emulator for development, testing, and CI. It gives you AWS-shaped services on your machine without requiring a cloud account ...