This is exactly what #opensourcesecuritypodcast talked about in:

https://opensourcesecurity.io/2025/2025-11-npm-charlie/

And I just found one in the wild. How?: by using #pnpm (instead of npm) and taking the short time to read the postinstall script. Not rocket science.

📻 I enjoyed the #OpenSourceSecurityPodcast this week with

👤 https://infosec.exchange/@joshbressers and
👤 @popey
of
🏢 @anchore

I used #Syft/ #Grype on a few OCI containers recently and was horrified to discover one had some nasty issues lurking within.

Great tools which I intend to use any time I handle OCI containers. Looking forward to trying Grant soon.

Thank you

🔗 https://opensourcesecurity.io/2025/2025-04-syft-grype-grant-alan-pope/
🔗 https://anchore.com/opensource/

#OpenSourceSecurity
#CyberSecurity
#SBOM
#Vulnerabilities

@joshbressers @kurtseifried sorry to see the podcast go, it was always nice to hear your views and insights! Looking forward to whatever comes out, I'll have to figure out a way to keep an eye out for it tho.

#opensourcesecuritypodcast

@thedoctor @ErikvanStraten @robin

#OpenSourceSecurityPodcast has just released and episode about passwords, definitely worth the listen

https://opensourcesecurity.io/2024/12/29/episode-461-the-new-nist-password-guidance/

I enjoyed the recent @joshbressers and @kurtseifried #opensourcesecuritypodcast on govt activities, although I disagree with their conclusion.

We can do a deeper dive into the policies, but I think a lot of it comes down to a core assumption they make, and we haven't: *choice* plays very little role in OSS consumption. I heard this expressed to the point of saying that there is very little agency or decision-making at all.

This is interesting to me, and something that can be (and should be, if it's not) measured.
https://opensourcesecurity.io/2024/07/21/episode-438-cisas-bad-oss-advice-vs-the-whitehouse-good-advice/

@kurtseifried @joshbressers i really would love to know your opinion on this #opensourcesecuritypodcast

Thanks to @kurtseifried and @joshbressers for another fun and interesting episode of podcast Open Source Security Podcast. :)
Episode 389
https://opensourcesecurity.io/2023/08/20/episode-389-what-would-hashicorp-do/
#opensouce #copyrights #opensourcesecuritypodcast

@mastodon.social@kurtseifried mastodon.social@joshbressers I was listening to your episode "Joylynn Kirui from Microsoft on DevSecOps" E363

Instead of saying S-Two-C-Two-F why not say siiciif replacing the two with roman numerals II

#S2C2F #OpenSourceSecurityPodcast #DevSecOps

I was listening to Open Source Security Podcast and got a nice reminder that AGDQ is live once again! :owi:

Thank you @joshbressers and @kurtseifried for the Podcast and the reminder for AGDQ! :blobcoffee:

#agdq #agdq2023 #opensourcesecuritypodcast

The ridiculous piano theme at the beginning of the Open Source Security Podcast is a perfect segue after a really heavy & serious podcast :blobchef:

#opensourcesecuritypodcast

@galaxis
For a moment you thought you were the author - which has a great podcast on open source security called:
#OpenSourceSecurityPodcast

@cedricbonhomme
Cool!
I thought this was from the #OpenSourceSecurityPodcast