Tag: Developer Secrets

For the PostHog team, developers of an open-source analytics platform, the recent npm-based attack has become the most serious security incident in the project’s history. The root of the breach was a malicious release of the library Shai-Hulud 2.0, which attackers used to inject a credential-stealing script into widely used JavaScript SDKs — enabling them…