Bleeping Computer

NPM fixes private package names leak, serious authorization bug

The largest software registry of Node.js packages, npm, has disclosed multiple security flaws that were identified and remedied recently. The first flaw concerns leak of names of private npm packages ...
Dark Reading

'Revival Hijack' on PyPI Disguises Malware With Legitimate File Names

Security researchers have discovered a simple and troubling way for attackers to distribute malicious payloads via the PyPI package repository. All that the technique involves is re-registering a ...
Dark Reading

Novel npm Timing Attack Allows Corporate Targeting

A novel timing attack has emerged for targeting private corporate software packages hosted in the npm code repository. The goal is to uncover the legitimate offerings and then create malicious public ...
Ars Technica

Spoofing package names in java

I've been trying to figure out a fairly obscure point about the java classloader -- can anyone help with this: 1) Java protects it's internal class from "spoofing" attacks. I can't declare my own ...
InfoWorld

Packages and static imports in Java

In a previous Java 101 tutorial, you learned how to better organize your code by declaring reference types (also known as classes and interfaces) as members of other reference types and blocks. I also ...
InfoWorld

How changing Java package names transformed my system architecture

Changing your perspective even a small amount can have profound effects on how you approach your system. Let’s say you’re writing a web application in Java. In the system you deal with orders, ...
Computerworld

Great R packages for data import, wrangling, and visualization

The table below shows my favorite go-to R packages for data import, wrangling, visualization and analysis — plus a few miscellaneous tasks tossed in. The package names in the table are clickable if ...