Dev Encyclopedia
ArticlesToolsContactAbout

Get notified when new content drops

No spam. Just new articles, tools, and updates straight to your inbox.

Dev Encyclopedia

A reference for builders

Dev.to
Discord
WhatsApp Channel
daily.dev
Hashnode
X

Content

  • Articles
  • Tools
  • About
  • Contact

Connect

  • support@devencyclopedia.com
  • RSS Feed

Legal

  • Privacy Policy
  • Terms of Service
  • Disclaimer

© 2026 Dev Encyclopedia

Back to top ↑
  1. Home
  2. /Blog
  3. /Security

Security

6 articles

security

How to Audit Your VS Code Extensions for Security

The GitHub breach happened through a VS Code extension. Here's how to check what you have installed and reduce your exposure in 10 minutes.

May 30, 2026·11 min read·Zeeshan Tofiq
security

GitHub Actions Security: 7 Misconfigurations to Avoid

The 7 GitHub Actions misconfigurations behind real supply chain attacks: weak GITHUB_TOKEN scope, pull_request_target, unpinned actions, script injection.

Jun 12, 2026·14 min read·Zeeshan Tofiq
security

WordPress CDN Supply Chain Attack 2026: What Happened and How to Check Your Site

The OptinMonster, TrustPulse, and PushEngage supply chain attack (June 2026) hit 1.2M sites. Here's exactly how it worked, how to check if you were compromised, and how to recover.

Jun 21, 2026·12 min read·Zeeshan Tofiq
security

Bumblebee Tutorial: Scan Your Dev Machine for Supply Chain Risks

How to install and use Bumblebee, Perplexity's open-source scanner for npm, MCP configs, and extensions. Real commands, scan profiles, and incident response setup.

Jun 21, 2026·11 min read·Zeeshan Tofiq
security

Source Maps Are Leaking Your Code: How to Stop It in Your npm Packages

Source maps with sourcesContent can leak your entire codebase. Learn how to disable them per bundler, audit with npm pack, and automate the check in CI.

Jun 21, 2026·11 min read·Zeeshan Tofiq
security

npm postinstall Attacks: How They Work in 2026

How npm postinstall hook attacks like Shai-Hulud actually work in 2026, and a practical checklist to protect your projects and CI/CD pipeline.

Jul 7, 2026·10 min read·Zeeshan Tofiq