Featured: Posted by Crista Perlton on May 22nd, 2025.
“Vibe coding”, where developers use AI assistants to quickly churn out code via prompts, is the new thing. While generally helpful, these tools can suggest packages that don’t actually exist or that have been “slopsquatted” (named to mimic legitimate ones). This supply chain security risk could welcome vulnerabilities or malware...
Featured: Posted by Crista Perlton on May 6th, 2025.
Your team leans on internal npm packages, trusted tools you use every day. But a developer, tricked by “typosquatting” or dependency confusion, grabs a malicious lookalike from the public registry, thinking it’s legit. Next thing you know, systems are compromised and sensitive data is leaking, all because of confusing...
Featured: Posted by Crista Perlton on May 3rd, 2025.
This article is part of a series on Migrating from .NET Framework to .NET, also available as a chapter in our free, downloadable eBook. Microsoft is all about the current .NET (.NET 5 to .NET 10). But our trusty old .NET Framework isn’t going anywhere. It’s indefinitely supported. So even with all the buzz around .NET...
Featured: Posted by Crista Perlton on April 15th, 2025.
A single-server ProGet instance, especially in organizations with sustained, high-volume traffic, can become overloaded, particularly when many users are all making concurrent calls to it. Client tools like NuGet and npm can make thousands of simultaneous requests, each one needing validation, compliance checks and often forwarding through...
Featured: Posted by Crista Perlton on March 27th, 2025.
Your development team pulls a package from a ProGet feed connected to npmjs.org. It seems pretty straightforward and routine, until you later discover that the package contains known vulnerabilities and is leaking sensitive user data. OSS registries can be unpredictable: some packages are reliable, others… not so much. Without proper...