Shai-Hulud, npm, and modern software supply chains

27.01.2026

Dr. Andreas Kotulla

Software Supply Chain

In September 2025, the npm ecosystem experienced one of the most consequential software supply-chain compromises to date. A self-propagating worm, now commonly referred to as Shai-Hulud, compromised hundreds of npm packages, harvested developer and CI/CD credentials, and used those credentials to spread laterally across the ecosystem by publishing further malicious updates under the identities of legitimate maintainers. Within weeks, a


Level Up Your Security Game with VDR and VEX Reports

25.05.2023

Dr. Andreas Kotulla

Software Supply Chain

When we talk about security in the software supply chain and third-party software management, it is key that the tools you use provide detailed reports on the known and unknown vulnerabilities inside an application, together with how exploitable each vulnerable component actually is in that application. Absent that, all you have is a list of SBOM components without much to act on. Typically,
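To make the distinction concrete, the following Python is an added example (not code from the original article and not from any VDR/VEX tool it discusses): it reads a CycloneDX BOM that carries its VEX as an embedded `vulnerabilities` array, joins each vulnerability to the affected SBOM component, and separates what needs action (`exploitable`, `in_triage`, or no analysis at all) from what a VEX statement has suppressed (`not_affected`, `false_positive`, `resolved`). The sample BOM, component versions and vulnerability IDs `VULN-A` to `VULN-D` are constructed for the demo; the analysis states are the ones CycloneDX defines. It also flags a VEX record that points at a component the SBOM does not contain, a mismatch that otherwise silently drops a finding.

```python
"""Triage a CycloneDX SBOM with embedded VEX: SBOM entries alone are a parts list;
the VEX analysis state is what turns them into something actionable."""
import json
from typing import Any

# Worst-to-best order for CycloneDX rating severities (unknown sorts last).
SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2, "low": 3, "info": 4, "none": 5, "unknown": 6}
# VEX analysis states that still require work versus those a reviewer has closed out.
ACTIONABLE_STATES = {"exploitable", "in_triage"}
SUPPRESSED_STATES = {"not_affected", "false_positive", "resolved", "resolved_with_pedigree"}

# Constructed sample BOM (not real scan output). VULN-D deliberately references a
# bom-ref that is absent from the components list to exercise the mismatch check.
SAMPLE_BOM: dict[str, Any] = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "lodash", "version": "4.17.15", "bom-ref": "pkg:npm/lodash@4.17.15"},
        {"type": "library", "name": "minimist", "version": "1.2.0", "bom-ref": "pkg:npm/minimist@1.2.0"},
        {"type": "library", "name": "express", "version": "4.18.2", "bom-ref": "pkg:npm/express@4.18.2"},
    ],
    "vulnerabilities": [
        {"id": "VULN-A", "ratings": [{"severity": "high"}],
         "affects": [{"ref": "pkg:npm/lodash@4.17.15"}],
         "analysis": {"state": "exploitable", "response": ["update"]}},
        {"id": "VULN-B", "ratings": [{"severity": "high"}],
         "affects": [{"ref": "pkg:npm/minimist@1.2.0"}],
         "analysis": {"state": "not_affected", "justification": "code_not_reachable"}},
        {"id": "VULN-C", "ratings": [{"severity": "critical"}, {"severity": "high"}],
         "affects": [{"ref": "pkg:npm/express@4.18.2"}]},          # no VEX analysis yet
        {"id": "VULN-D", "ratings": [{"severity": "medium"}],
         "affects": [{"ref": "pkg:npm/left-pad@1.3.0"}],           # not in the SBOM
         "analysis": {"state": "exploitable"}},
    ],
}


def parse_bom(text: str) -> dict[str, Any]:
    """Parse BOM JSON; a file would be read the same way."""
    bom = json.loads(text)
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX BOM")
    return bom


def severity_of(vuln: dict[str, Any]) -> str:
    """Worst severity across all ratings (a vulnerability may carry several)."""
    sevs = [r.get("severity", "unknown").lower() for r in vuln.get("ratings", [])]
    return min(sevs, key=lambda s: SEVERITY_ORDER.get(s, 6)) if sevs else "unknown"


def index_components(bom: dict[str, Any]) -> dict[str, dict[str, Any]]:
    """Map bom-ref -> component, descending into nested components."""
    index: dict[str, dict[str, Any]] = {}

    def walk(comps: list[dict[str, Any]]) -> None:
        for c in comps:
            if c.get("bom-ref"):
                index[c["bom-ref"]] = c
            walk(c.get("components", []))

    walk(bom.get("components", []))
    return index


def triage(bom: dict[str, Any]) -> list[dict[str, Any]]:
    """One finding per (vulnerability, affected component), actionable ones first, then by severity."""
    comps = index_components(bom)
    findings = []
    for v in bom.get("vulnerabilities", []):
        analysis = v.get("analysis", {})
        # No analysis block means nobody has triaged it: treat as in_triage, not as safe.
        state = analysis.get("state", "in_triage")
        # Unknown/unexpected states fail closed: they stay actionable.
        actionable = state in ACTIONABLE_STATES or state not in SUPPRESSED_STATES
        for a in v.get("affects", []):
            ref = a.get("ref")
            comp = comps.get(ref)
            findings.append({
                "id": v.get("id", "?"),
                "component": f"{comp['name']}@{comp.get('version', '?')}" if comp else f"<not in SBOM: {ref}>",
                "in_sbom": comp is not None,
                "severity": severity_of(v),
                "state": state,
                "justification": analysis.get("justification"),
                "actionable": actionable,
            })
    findings.sort(key=lambda f: (not f["actionable"], SEVERITY_ORDER.get(f["severity"], 6), f["id"]))
    return findings


def actionable_ids(bom: dict[str, Any]) -> list[str]:
    return [f["id"] for f in triage(bom) if f["actionable"]]


def summarize(bom: dict[str, Any]) -> dict[str, int]:
    """Count findings per VEX state, e.g. to report how much of the SBOM is still untriaged."""
    counts: dict[str, int] = {}
    for f in triage(bom):
        counts[f["state"]] = counts.get(f["state"], 0) + 1
    return counts


if __name__ == "__main__":
    bom = parse_bom(json.dumps(SAMPLE_BOM))
    for f in triage(bom):
        flag = "ACT " if f["actionable"] else "skip"
        note = "" if f["in_sbom"] else "  !! VEX ref not in SBOM"
        print(f"{flag} {f['severity']:<8} {f['id']:<8} {f['state']:<14} {f['component']}{note}")
    print("by state:", summarize(bom))
```

Run as-is, the script lists the critical untriaged finding first, then the exploitable ones, and only then the `not_affected` entry with its `code_not_reachable` justification; `VULN-D` is kept actionable but marked because its `ref` matches nothing in the SBOM, which usually means the VEX and SBOM were generated from different builds.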


The 2022 State of the Software Supply Chain Report

08.03.2022

Dr. Andreas Kotulla

Software Supply Chain

Revenera has just released “The 2022 State of the Software Supply Chain Report”, which draws on over 100 Revenera audit services projects and covers several OSS topics such as Software Composition Analysis, license compliance, security vulnerabilities, open source licenses, the SBOM and the supply chain. The report is a response to the increase in OSS dependencies as well as the increase
